Bug 391711 - valid users in smb.conf is broken
valid users in smb.conf is broken
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
4.0
ia64 Linux
low Severity medium
: ---
: ---
Assigned To: Samba Maint Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-11-20 04:02 EST by Johan Dahl
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-20 09:42:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Johan Dahl 2007-11-20 04:02:24 EST
Description of problem:
If I have for a share in smb.conf a line saying:
valid users = user1
Will this user not be able to connect to the share. If I have a group like
valid users = @group22
Will it work as expected.

At loglevel 10 do I get this in smbd.log

 lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals did find user [user1]!
[2007/11/20 09:31:27, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [ou=Groups,dc=xxx,dc=xxxx,dc=xxx], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=100))], scope => [2]
[2007/11/20 09:31:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 100
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:check_dom_sid_to_level(663)
  Accepting SID S-1-5-21-3586379953-3555147696-39335545 in level 1
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:lookup_sid(944)
  failed to lookup sid S-1-5-21-3586379953-3555147696-39335545-513
[2007/11/20 09:31:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(236)
  Primary group for user test1 is a UNKNOWN and not a domain group

However users (100) is known an has this entry in the ldap:
dn: cn=users,ou=Groups,dc=sol,dc=lu,dc=se
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 100
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-21-3586379953-3555147696-39335545-513
sambaGroupType: 2
displayName: Domain Users
memberUid: user1
memberUid: ........ etc




Version-Release number of selected component (if applicable):
samba-3.0.25b-1.el4_6.2

The problem started after the upgrade to this version

How reproducible:
always


Steps to Reproduce:
1. use valid users in smb.conf
2. Try to connect with smb client
3. Get the error NT_STATUS_ACCESS_DENIED
  
Actual results:
Can't connect to share

Expected results:
A connection to the share

Additional info:
Comment 1 Simo Sorce 2007-11-20 09:42:05 EST
Johan,
as stated in the release notes[1] the new update has tightened rules around naming.

The names used in directives like: force user, force group, valid user need
fully qualified names, eg 'DOMAIN\user' not just 'user'

Contact support if you need further info on understanding the issue.

[1]http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/release-notes/RELEASE-NOTES-U6-x86-en.html

Note You need to log in before you can comment on or make changes to this bug.