[Samba] a lot of nonbody session with same pid

Alberto Maria Fiaschi alberto.fiaschi at estar.toscana.it
Tue Apr 20 10:05:37 UTC 2021 

sorry I did the configuration quickly. I don't use acl. However the users work perfectly. Then they are successfully authenticated. Also as I told you not using acl they work as they should on files. The thing that is not explained is because if a machine from a completely unknown domain connects then it does not create nobody sessions, while if you connect a pc from a workgroup, multiple nobody sessions are created. For the file-server workgroup or domain they are equally unknown. You have to explain this to me.

----- Messaggio originale -----
> On 19/04/2021 14:44, Alberto Maria Fiaschi wrote:
> > I not use acl.
> > i just want to use valid user and write list. I want to stick to a purely
> > textual configuration
> > User can read and write
> > User are in group uosi_vpn_rw -
> > Force user are only at level of unix process ... all files are 777 mode .
> > If user  connect from pc in ad  non nobody session are created. but the
> > force usere option is still present.
> > the workgroups have different names.
> > all clients will be with the time passed to ad. but it cannot be done
> > immediately. this is not the correct behavior of the program
> 
> 
> You wrote: I make a test machine. The sever is member of AD domain
> 
> This means that your users should be in AD, yet your ID's are, to put it
> bluntly, totally incorrect your ranges are just wrong.
> 
> Your AD will have a SID in the format:
> 
> S-1-5-21-1234567890-1234567890-1234567890
> 
> If you have other Window or Samba machines that are not in the domain,
> then they will have similar SID's, but the
> '1234567890-1234567890-1234567890' parts will be different, so even if
> the user exists in all the workgroups and domain with the same
> uidNumber, the users will all be different users, also you will not be
> able to use 'winbind user default domain = yes' and you will have to use
> trusts and extra 'idmap config DOMAIN :' lines.
> 
> Now we move to this line you have in the global part of your smb.conf:
> 
> vfs objects = acl_xattr
> 
> You cannot use 'valid users' with that line
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 

-- 
Alberto Maria Fiaschi 
alberto.fiaschi at estar.toscana.it 
ESTAR - Ente di Supporto Tecnico Amministrativo Regionale 
Dip.to Tecnologie Informatiche 
Area: Tecnologie Informatiche Nord-Ovest 
UOC: Reti e Sistemi Area Nord-Ovest 
c/o Azienda Ospedaliero Universitaria Pisana 
Presidio Ospedaliero Spedali Riuniti Santa Chiara 
Via Roma, 67 - 56126 Pisa, Italy 
Tel. +39 050 99 3117 
Fax +39 050 99 3396 
profilo su https://it.linkedin.com/in/alberto-fiaschi

More information about the samba mailing list