[Samba] a lot of nonbody session with same pid
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
Tue Apr 20 10:05:37 UTC 2021
sorry I did the configuration quickly. I don't use acl. However the users work perfectly. Then they are successfully authenticated. Also as I told you not using acl they work as they should on files. The thing that is not explained is because if a machine from a completely unknown domain connects then it does not create nobody sessions, while if you connect a pc from a workgroup, multiple nobody sessions are created. For the file-server workgroup or domain they are equally unknown. You have to explain this to me.
----- Messaggio originale -----
> On 19/04/2021 14:44, Alberto Maria Fiaschi wrote:
> > I not use acl.
> > i just want to use valid user and write list. I want to stick to a purely
> > textual configuration
> > User can read and write
> > User are in group uosi_vpn_rw -
> > Force user are only at level of unix process ... all files are 777 mode .
> > If user connect from pc in ad non nobody session are created. but the
> > force usere option is still present.
> > the workgroups have different names.
> > all clients will be with the time passed to ad. but it cannot be done
> > immediately. this is not the correct behavior of the program
>
>
> You wrote: I make a test machine. The sever is member of AD domain
>
> This means that your users should be in AD, yet your ID's are, to put it
> bluntly, totally incorrect your ranges are just wrong.
>
> Your AD will have a SID in the format:
>
> S-1-5-21-1234567890-1234567890-1234567890
>
> If you have other Window or Samba machines that are not in the domain,
> then they will have similar SID's, but the
> '1234567890-1234567890-1234567890' parts will be different, so even if
> the user exists in all the workgroups and domain with the same
> uidNumber, the users will all be different users, also you will not be
> able to use 'winbind user default domain = yes' and you will have to use
> trusts and extra 'idmap config DOMAIN :' lines.
>
> Now we move to this line you have in the global part of your smb.conf:
>
> vfs objects = acl_xattr
>
> You cannot use 'valid users' with that line
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Alberto Maria Fiaschi
alberto.fiaschi at estar.toscana.it
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale
Dip.to Tecnologie Informatiche
Area: Tecnologie Informatiche Nord-Ovest
UOC: Reti e Sistemi Area Nord-Ovest
c/o Azienda Ospedaliero Universitaria Pisana
Presidio Ospedaliero Spedali Riuniti Santa Chiara
Via Roma, 67 - 56126 Pisa, Italy
Tel. +39 050 99 3117
Fax +39 050 99 3396
profilo su https://it.linkedin.com/in/alberto-fiaschi
More information about the samba
mailing list