[Samba] "force user" option with NT4 domain

Rowland Penny rowlandpenny at googlemail.com
Fri Oct 17 13:50:16 MDT 2014


On 17/10/14 20:38, Bowie Bailey wrote:
> On 10/17/2014 3:24 PM, Rowland Penny wrote:
>> On 17/10/14 20:15, Bowie Bailey wrote:
>>>
>>> I noticed that there were some fixes for "force user" problems in
>>> Samba 4.1.6.  CentOS 7 is still providing 4.1.1.  Could that be the
>>> issue?  I am investigating alternate sources for a newer package.
>>>
>> It could be, what OS are you using and in the meantime please post your
>> smb.conf.
>
> The OS is CentOS 7.  I currently have it set with "security = user" 
> for testing.  Once I get it working, it will need to be "security = 
> domain" and connected to an NT domain.  Either way, the problem was 
> exactly the same.
>
> Normally, I connect to the shares from a Windows box.  If I connect 
> from Linux with smbclient, I see this error:
>
> tree connect failed: NT_STATUS_INVALID_SID
>
> If I remove the "force user" option, the error goes away and I get 
> access to the share.
>
> Here is the smb.conf.  I have edited out a bunch of share definitions 
> that do not relate to this discussion.
>
> [global]
>         workgroup = BUCINTL
>         server string = Network Storage Server
>         netbios name = BNIFSTORE2
>         hosts allow = 10.8.0. 172.16. except 172.16.17.
>         hosts deny = 172.16.17.
>         log file = /var/log/samba/log.%m
>         max log size = 5000
>         log level = 1
>         security = user
>         passdb backend = tdbsam
>        domain master = no
>        local master = no
>        preferred master = no
>        wins support = no
>        wins server = 172.16.1.12
>        dns proxy = no
>
> [homes]
>         comment = Home Directories
>         path = /home/shares/private/%S
>         browseable = no
>         writable = yes
>         create mask = 600
>         directory mask = 700
>         valid users = %S
>
> [public]
>    comment = Public Share
>    path = /home/shares/public/public
>    public = yes
>    guest ok = yes
>    only guest = yes
>    writeable = yes
>    browsable = yes
>    printable = no
>
> [test]
>    path = /home/shares/test
>    public = yes
>    writeable = yes
>    browseable = yes
>    force user = bowieb, pcguest
>    valid users = bowieb
>
Firstly, you are not using an NT4 domain; you have a standalone server.
Secondly, does the user pcguest exist in /etc/passwd AND the samba
database? Does the group pcguest exist in /etc/group AND the samba database?

I also do not think that it is going to work setting it up like this and
then altering 'security ='; you need to set the machine up as a domain
member and then try again.

Rowland
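
An added example, not part of the original thread or of Samba itself: a small Python check in the spirit of the question above, which reads each share's "force user" value and reports any that is not one plain account name or is missing from passwd-format data. The function names, the trimmed smb.conf and the passwd lines are constructed for illustration, and the check does not query the Samba password database.

```python
import re

# Constructed sample: a trimmed copy of the smb.conf from the post.
SMB_CONF = """\
[global]
        security = user
[public]
   path = /home/shares/public/public
   guest ok = yes
[test]
   path = /home/shares/test
   force user = bowieb, pcguest
   valid users = bowieb
"""
# Constructed passwd data; on a real host read /etc/passwd or `getent passwd`.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bowieb:x:1000:1000::/home/bowieb:/bin/bash
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Parameter names are lower-cased and
    stripped of whitespace, since smb.conf treats both as irrelevant."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares

def check_force_user(conf_text, passwd_text):
    """Return (share, value, problem) for each force user that cannot resolve."""
    lines = [l for l in passwd_text.splitlines() if l and not l.startswith("#")]
    accounts = {l.split(":", 1)[0] for l in lines}
    findings = []
    for share, params in parse_smb_conf(conf_text).items():
        value = params.get("forceuser")
        if value is None:
            continue
        # Simplification: a plain UNIX account name has no comma or whitespace.
        if re.search(r"[,\s]", value):
            findings.append((share, value, "not a single account name"))
        elif value not in accounts:
            findings.append((share, value, "no such account in passwd data"))
    return findings

if __name__ == "__main__":
    for finding in check_force_user(SMB_CONF, PASSWD):
        print(finding)
```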


