[Samba] Samba as AD member can not validate domain user

jd at ionica.lv jd at ionica.lv
Sun Apr 12 03:32:19 MDT 2015 

Hi!

the previous problems were solved (thank you, Rowland!), but few  
issues remains:

I get such msg in log:
0. Is it possible to tell samba to output messages in logs as one line  
per message (even if it is long one?)

1. 2015/04/12 11:32:39.293583,  3]  
../source3/smbd/msdfs.c:971(get_referred_path)
  get_referred_path: |shareX| in dfs path \FS\shareX is not a dfs root.
(seems it is not making problems as access to other shares giving such  
error not influences anything)


2. 2015/04/12 11:32:18.852138,  3]  
../libcli/security/dom_sid.c:209(dom_sid_parse_endp) string_to_sid:  
SID @INTERNAL\\group is not in a valid format

such messages I get after attempt to open a share (from smb.conf):
[shareX]
         comment = What it serves
         path = /home/shares/data/sharex
         browseable = yes
         read only = no
         valid users = @"INTERNAL\\group"
         force group = @"INTERNAL\\group"
         force create mode = 0660
         force directory mode = 0770

the directory is owned by a domain user, which is not the member of  
INTERNAL\\group and group ownership of the dir is INTERNAl\\group. I  
do not understand why in that particular case it is important, because  
the other, working shares, has the same domain user as owner having  
their own specific domain group ownership.

At the moment I have two non working shares for the specific group and  
one - with Domain Users.

In all cases Windows client argues that group name can not be found.  
If for the first two cases it could have some salt, for the other -  
not at all, because other shares accessible to Domain Users and having  
respective group ownership works.

getent group INTERNAL\\group gives correct domain group information.

The other issue I have - if the user is not a member of particular  
domain group, but has the right to accees the share, it is requested  
to enter username/pw, but can not access it anyway:

[shareY]
         comment = Other share
         path=/home/shares/data/shareY
         browseable = yes
         read only = no
         valid users = @INTERNAL\\group1, @INTERNAL\\otheruser
         force group = @INTERNAL\\group1
         force create mode = 0660
         force directory mode = 0770



Janis

More information about the samba mailing list