Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1135723

Summary: [Samba] Does not work 'force user' from a client machine Windows 8.1 x64.
Product: Red Hat Enterprise Linux 7 Reporter: rsync <clustershell>
Component: sambaAssignee: Andreas Schneider <asn>
Status: CLOSED ERRATA QA Contact: Robin Hack <rhack>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.0CC: alvin, asn, deamicis, gdeschner, jarrpa, jkhradil, pkulkarn, rhack, sbose, szhao
Target Milestone: rc   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: samba-4.1.12-2.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-03-05 09:22:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description rsync 2014-08-30 20:50:32 UTC 
Description of problem:

From a Windows client machine, "force user" is ignored in CentOS 7-1406 and Samba 4.1.1-37, does not allow connection in windows 8.1 x86.

I have to put "valid users = user" but does not allow me to force user, it is only allowed to "force group = user"

With samba 3.x works perfect.

Version-Release number of selected component (if applicable):

samba-libs-4.1.1-37.el7_0.x86_64
samba-client-4.1.1-37.el7_0.x86_64
samba-common-4.1.1-37.el7_0.x86_64
samba-4.1.1-37.el7_0.x86_64


How reproducible:

Always



Steps to Reproduce:

useradd -M user -s /sbin/login

smbpasswd -a user 

setsebool -P samba_export_all_rw on

chcon -t samba_share_t /var/www/html

ls -lsa

total 8
0 drwxr-xr-x. 4 root root 31 Aug 20 21:54 .
4 drwxr-xr-x. 22 root root 4096 Aug 20 22:36 ..
0 drwxr-xr-x. 2 root root 6 Jul 23 16:48 cgi-bin
4 drwxrwxr-x. 34 root users 4096 Aug 24 06:51 html

pwd 

/var/www

cd /etc

cat group 

root:x:0:
bin:x:1:
daemon:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mem:x:8:
kmem:x:9:
wheel:x:10:
cdrom:x:11:
mail:x:12:postfix
man:x:15:
dialout:x:18:
floppy:x:19:
games:x:20:
tape:x:30:
video:x:39:
ftp:x:50:
lock:x:54:
audio:x:63:
nobody:x:99:
users:x:100:user
utmp:x:22:
utempter:x:35:
ssh_keys:x:999:
systemd-journal:x:190:
dbus:x:81:
polkitd:x:998:
avahi:x:70:
avahi-autoipd:x:170:
dip:x:40:
postdrop:x:90:
postfix:x:89:
chrony:x:997:
sshd:x:74:
apache:x:48:
mysql:x:27:
named:x:25:
samba:x:1001:
user:x:1002:
---

smb.conf

workgroup = HOME
server string = Samba Server Version %v
netbios name = LINUX
hosts allow = 127. 192.168.0.
log file = /var/log/samba/log.%m
max log size = 50
security = user
passdb backend = tdbsam
local master = yes
os level = 64
preferred master = yes
[webs]
        comment = webs
        path = /var/www/html
        guest ok = no
        read only = no
        write list = @users
        directory mask = 0755
        create mask = 0644
        force user = apache
        force group = apache

Actual results:


Expected results:


Additional info:

I have put a report in bugs.centos.org and they have advised me to put it here. I put you the following link

http://bugs.centos.org/view.php?id=7535


Changes since 4.1.6:
--------------------

o   Jeremy Allison <jra>
    * BUG 9878: Make "force user" work as expected.
    * BUG 9942: Fix problem with server taking too long to respond to a
      MSG_PRINTER_DRVUPGRADE message.
    * BUG 9993: s3-printing: Fix obvious memory leak in
      printer_list_get_printer().
    * BUG 10344: SessionLogoff on a signed connection with an outstanding notify
      request crashes smbd.
    * BUG 10431: Fix STATUS_NO_MEMORY response from Query File Posix Lock request.
    * BUG 10508: smbd: Correctly add remote users into local groups.
    * BUG 10534: Cleanup messages.tdb record after unclean smbd shutdown.

http://bugs.centos.org/view.php?id=7535
Comment 2 Andreas Schneider 2014-09-16 11:52:12 UTC 
*** Bug 1128079 has been marked as a duplicate of this bug. ***
Comment 6 Nicolas De Amicis 2014-12-01 10:33:26 UTC 
Why this bug is on ON_QA since 2 months?
Comment 9 Alvin Austin 2014-12-02 23:39:20 UTC 
I can also confirm that this bug exists with our CentOS 7 Samba servers that are authenticating using Winbind against a Windows 2010 AD server. Details:

(1) # cat /etc/redhat-release 
CentOS Linux release 7.0.1406 (Core)


(2) # rpm -qa | sort | grep samba
samba-4.1.1-37.el7_0.x86_64
samba-client-4.1.1-37.el7_0.x86_64
samba-common-4.1.1-37.el7_0.x86_64
samba-libs-4.1.1-37.el7_0.x86_64
samba-winbind-4.1.1-37.el7_0.x86_64
samba-winbind-clients-4.1.1-37.el7_0.x86_64
samba-winbind-modules-4.1.1-37.el7_0.x86_64

(all current as at today's date)


(3) # cat /etc/samba/smb.conf

[global]
   workgroup = MYAD 
   realm = ad.MYDOMAIN.com
   netbios name = server2
   server string = server2
   security = ads
   encrypt passwords = Yes
   password server = *
   hosts allow = 10.0.5. 127.
   log file = /var/log/samba/log.%m
   max log size = 50
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   os level = 18
   local master = No
   dns proxy = No
   winbind uid = 10000-20000
   winbind gid = 10000-20000
   winbind separator = +
   template homedir = /home/%D/%U
   template shell = /bin/bash
   winbind use default domain = yes
   delete veto files = no
   hide dot files = Yes
   hide files = /.*/|~*/
   load printers = no

[users]
   comment = Share to backup user common documents
   path = /u/users/common
   hosts allow = 10.0.5.27
   valid users = MYAD+admin MYAD+backup
   public = no
   writable = no
   printable = no
   force user = root


(4) From Windows:

C:\>net view \\server2
Shared resources at \\server2

server2

Share name            Type  Used as  Comment

-------------------------------------------------------------------------------
users                 Disk           Share to backup user common documents
The command completed successfully.


C:\> net view \\server2\users
System error 53 has occurred.

The network path was not found.


C:\>dir \\server2\u
The security ID structure is invalid.


(5) Note: if the "force user = root" directive is omitted,
the share can be accessed, but some files are not accessible
because of the lack of permissions.


It would be *really great* to have this working again (this is not an issue with CentOS 6 Samba servers).  Thank you!
Comment 10 Nicolas De Amicis 2015-01-06 13:51:09 UTC 
We are waiting on Bodhi to release the update, why it's not released?
Comment 11 Song Zhao 2015-02-12 00:30:47 UTC 
We are also experiencing this bug with Windows 7 Professional 64 bit clients and Centos 7 server:

1) # cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

2) # rpm -qa|grep samba
samba-client-4.1.1-37.el7_0.x86_64
samba-4.1.1-37.el7_0.x86_64
samba-libs-4.1.1-37.el7_0.x86_64
samba-common-4.1.1-37.el7_0.x86_64

3) # cat smb.conf
[global]
        workgroup = MYDOMAIN
        netbios name = dev
        security = domain
        interfaces = 192.168.1.255/24

        ..snip..

[svn]
        path = /home/clients/svn/home
        force user = svn
        force group = svn
        valid users = svn @mycompany
        browseable = yes
        read only = no
        write list = svn @developers

        ..snip..

I can successfully connect to the server and see the shares in Windows Explorer and with 'smbclient -L' but am unable to connect to any of them.
Comment 13 errata-xmlrpc 2015-03-05 09:22:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0409.html