[Samba] force user gives access denied unless SAM entry?
Kip Kennedy
kiptonk at gmail.com
Tue Nov 16 21:56:58 UTC 2021
> The user must be authenticated before it gets anywhere near the share
> and with your setup if the user is authenticated and is allowed
> read/write access to the share everything will be saved as your 'forced
> user'
> However, 'bob' will never be allowed access by Samba (not unless guest
> access is set up correctly) because Samba hasn't got a clue who 'bob'
> is.

Sorry if it wasn't clear, I am authenticating and connecting fine as
'alice'. I can then change directories and list files without error
(file system reading as 'bob'). Only when I try to write do I receive
an Access Denied (file system writing as 'bob').

Why should 'bob' need Samba authentication? As I read it, force user is
used only for Linux file permissions. Shouldn't 'bob' need only exist as
a local Linux account?

The log is showing an error about a SID / SAM lookup for 'bob'. Unless
force user is also attempting to force SID mappings, shouldn't the
connected 'alice' be used for those SID lookups, not 'bob'? If I add
'bob' to the SAM - even as a disabled account - the write will succeed.