[Samba] Shares stopped working for groups

Rowland penny rpenny at samba.org
Fri Jul 17 20:05:55 UTC 2020

On 17/07/2020 19:57, Nick Howitt via samba wrote:
> Hi,
> I have a ClearOS 7.8 system which is running 
> samba-4.10.4-11.el7_8.x86_64, and it upgraded to this just over a week 
> ago (probably not relevant). A couple of days ago all the group shares 
> failed. I discovered that if I switched them to the built-in group 
> "allusers" the share worked fine. It fails for any user-defined group 
> but it used to work. Samba is running as a PDC and the configs, 
> including one share are:
> If I change the valid users to the "allusers" group and change the 
> folder permissions, it works fine.
>    [root at server ~]# wbinfo --group-info='allusers'
>    allusers:x:63000:

Interesting, you have: idmap config * : range = 20000000-29999999

So where is '63000' coming from ?

>    Jul 16 04:34:28 server winbindd[21471]: [2020/07/16
>    04:34:28.069299,  0]
>    ../../source3/winbindd/idmap_ldap.c:85(get_credentials)
>    Jul 16 04:34:28 server winbindd[21471]:  get_credentials: Unable to
>    fetch auth credentials for cn=manager,ou=Internal,dc=sha,dc=lan in *
> I have tried clearing the winbindd_cache.tdb and gencache.tdb but am 
> wary of clearing anything else without instruction.

Have you run these commands :

smbpasswd -w <ldap password>
net idmap set secret '*' <ldap password>

ClearOS is in for an interesting time when they upgrade to version 8, no 
Openldap or smbldap-tools, or to put it another way, can I suggest you 
jump distro and upgrade to AD.


More information about the samba mailing list