[Samba] "force user" option with NT4 domain
Rowland Penny
rowlandpenny at googlemail.com
Fri Oct 17 13:50:16 MDT 2014
On 17/10/14 20:38, Bowie Bailey wrote:
> On 10/17/2014 3:24 PM, Rowland Penny wrote:
>> On 17/10/14 20:15, Bowie Bailey wrote:
>>>
>>> I noticed that there were some fixes for "force user" problems in
>>> Samba 4.1.6. CentOS 7 is still providing 4.1.1. Could that be the
>>> issue? I am investigating alternate sources for a newer package.
>>>
>> It could be, what OS are you using and in the mean time please post your
>> smb.conf.
>
> The OS is CentOS 7. I currently have it set with "security = user"
> for testing. Once I get it working, it will need to be "security =
> domain" and connected to an NT domain. Either way, the problem was
> exactly the same.
>
> Normally, I connect to the shares from a Windows box. If I connect
> from linux with smbclient, I see this error:
>
> tree connect failed: NT_STATUS_INVALID_SID
>
> If I remove the "force user" option, the error goes away and I get
> access to the share.
>
> Here is the smb.conf. I have edited out a bunch of share definitions
> that do not relate to this discussion.
>
> [global]
> workgroup = BUCINTL
> server string = Network Storage Server
> netbios name = BNIFSTORE2
> hosts allow = 10.8.0. 172.16. except 172.16.17.
> hosts deny = 172.16.17.
> log file = /var/log/samba/log.%m
> max log size = 5000
> log level = 1
> security = user
> passdb backend = tdbsam
> domain master = no
> local master = no
> preferred master = no
> wins support = no
> wins server = 172.16.1.12
> dns proxy = no
>
> [homes]
> comment = Home Directories
> path = /home/shares/private/%S
> browseable = no
> writable = yes
> create mask = 600
> directory mask = 700
> valid users = %S
>
> [public]
> comment = Public Share
> path = /home/shares/public/public
> public = yes
> guest ok = yes
> only guest = yes
> writeable = yes
> browsable = yes
> printable = no
>
> [test]
> path = /home/shares/test
> public = yes
> writeable = yes
> browseable = yes
> force user = bowieb, pcguest
> valid users = bowieb
>
Firstly, you are not using a NT4 domain, you have a standalone server,
secondly, does the user pcguest exist in /etc/passwd AND the samba
database. Does the group pcguest exist in /etc/group AND the samba database.
I also do not think that it is going to work setting it up like this and
then altering 'security =', you need to set the machine up as a domain
member and then try again.
Rowland
More information about the samba
mailing list