[Samba] "force user" option with NT4 domain

Bowie Bailey Bowie_Bailey at BUC.com
Fri Oct 17 13:38:03 MDT 2014

On 10/17/2014 3:24 PM, Rowland Penny wrote:
> On 17/10/14 20:15, Bowie Bailey wrote:
>> I noticed that there were some fixes for "force user" problems in
>> Samba 4.1.6.  CentOS 7 is still providing 4.1.1.  Could that be the
>> issue?  I am investigating alternate sources for a newer package.
> It could be, what OS are you using and in the meantime please post your
> smb.conf.

The OS is CentOS 7.  I currently have it set with "security = user" for 
testing.  Once I get it working, it will need to be "security = domain" 
and connected to an NT domain.  Either way, the problem was exactly the 

Normally, I connect to the shares from a Windows box.  If I connect from
Linux with smbclient, I see this error:

tree connect failed: NT_STATUS_INVALID_SID

If I remove the "force user" option, the error goes away and I get 
access to the share.

Here is the smb.conf.  I have edited out a bunch of share definitions 
that do not relate to this discussion.

    workgroup = BUCINTL
    server string = Network Storage Server
    netbios name = BNIFSTORE2
    hosts allow = 10.8.0. 172.16. except 172.16.17.
    hosts deny = 172.16.17.
    log file = /var/log/samba/log.%m
    max log size = 5000
    log level = 1
    security = user
    passdb backend = tdbsam
    domain master = no
    local master = no
    preferred master = no
    wins support = no
    wins server =
    dns proxy = no

    comment = Home Directories
    path = /home/shares/private/%S
    browseable = no
    writable = yes
    create mask = 600
    directory mask = 700
    valid users = %S

    comment = Public Share
    path = /home/shares/public/public
    public = yes
    guest ok = yes
    only guest = yes
    writeable = yes
    browsable = yes
    printable = no

    path = /home/shares/test
    public = yes
    writeable = yes
    browseable = yes
    force user = bowieb, pcguest
    valid users = bowieb


