Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Samba 3.6 doesn't accept force user / force group with domain name user
298 views
Skip to first unread message
Jakov Sosic
Sep 21, 2015, 7:20:03 AM9/21/15
to
Hi guys,
I had a samba 3.5.x install (CentOS 6), joined to an AD domain named
EXAMPLE. I also have a local user/group on a linux boxes example:example.
This is an example share:
[app]
path = /home/example/www/app
valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
force user = "example"
force group = "example"
browseable = yes
writeable = yes
guest ok = no
guest only = no
This works perfectly on 3.5.x.
BUT
After upgrading to 3.6.x, everything works EXCEPT that I cannot have
force user or force group set to 'example' in my smb.conf. Windows
clients report the following:
"The user name could not be found"
when I change 'force user' username to something else, I get:
"The group name could not be found".
So, basically, this is what I gotta do to make it work:
[app]
path = /home/example/www/app
valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
force user = "someone"
force group = "else"
browseable = yes
writeable = yes
guest ok = no
guest only = no
And then it works...
Any ideas? Did Samba 3.6 disable the force user with the same name as
the domain? Is there an option that would allow this behaviour?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I had a samba 3.5.x install (CentOS 6), joined to an AD domain named
EXAMPLE. I also have a local user/group on a linux boxes example:example.
This is an example share:
[app]
path = /home/example/www/app
valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
force user = "example"
force group = "example"
browseable = yes
writeable = yes
guest ok = no
guest only = no
This works perfectly on 3.5.x.
BUT
After upgrading to 3.6.x, everything works EXCEPT that I cannot have
force user or force group set to 'example' in my smb.conf. Windows
clients report the following:
"The user name could not be found"
when I change 'force user' username to something else, I get:
"The group name could not be found".
So, basically, this is what I gotta do to make it work:
[app]
path = /home/example/www/app
valid users = @"EXAMPLE\itdesign", @"EXAMPLE\itdev"
force user = "someone"
force group = "else"
browseable = yes
writeable = yes
guest ok = no
guest only = no
And then it works...
Any ideas? Did Samba 3.6 disable the force user with the same name as
the domain? Is there an option that would allow this behaviour?
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Jakov Sosic
Sep 23, 2015, 9:50:05 AM9/23/15
to
Any ideas? :(
Jakov Sosic
Sep 23, 2015, 12:10:04 PM9/23/15
to
On 09/21/2015 01:11 PM, Jakov Sosic wrote:
> Any ideas? Did Samba 3.6 disable the force user with the same name as
> the domain? Is there an option that would allow this behaviour?
This is the error that I get with Samba 4.1.23 on EL7:
> the domain? Is there an option that would allow this behaviour?
"The security ID structure is invalid"
Dale Schroeder
Sep 23, 2015, 2:10:04 PM9/23/15
to
Jakov Sosic
Sep 25, 2015, 7:20:04 PM9/25/15
to
On 09/23/2015 07:45 PM, Dale Schroeder wrote:
> Your issue might be this:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1135723
>
> Dale
>
It's obviously bug in 3.6 - although I'm not sure it's the bug from the
> Your issue might be this:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1135723
>
> Dale
>
aforementioned link.
Anyway, this is what I did to circumvent this bug on EL6:
* deploy samba4 el6 tech prev packages instead of samba packages
* rebuild cifs-utils RPM as cifssmb4-utils (linked against samba4-libs)
Now, everything works as expected.
This solutions is OK for me, cause we'll be phasing out EL6 in favor of
EL7 sooner or later (which already has Samba 4.1).
Thanks.
0 new messages