Bug 391711 - valid users in smb.conf is broken
valid users in smb.conf is broken
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: samba (Show other bugs)
ia64 Linux
low Severity medium
: ---
: ---
Assigned To: Samba Maint Team
Depends On:
  Show dependency treegraph
Reported: 2007-11-20 04:02 EST by Johan Dahl
Modified: 2007-11-30 17:07 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-11-20 09:42:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Johan Dahl 2007-11-20 04:02:24 EST
Description of problem:
If I have for a share in smb.conf a line saying:
valid users = user1
Will this user not be able to connect to the share. If I have a group like
valid users = @group22
Will it work as expected.

At loglevel 10 do I get this in smbd.log

  Get_Pwnam_internals did find user [user1]!
[2007/11/20 09:31:27, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [ou=Groups,dc=xxx,dc=xxxx,dc=xxx], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=100))], scope => [2]
[2007/11/20 09:31:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 100
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:check_dom_sid_to_level(663)
  Accepting SID S-1-5-21-3586379953-3555147696-39335545 in level 1
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:lookup_sid(944)
  failed to lookup sid S-1-5-21-3586379953-3555147696-39335545-513
[2007/11/20 09:31:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(236)
  Primary group for user test1 is a UNKNOWN and not a domain group

However users (100) is known an has this entry in the ldap:
dn: cn=users,ou=Groups,dc=sol,dc=lu,dc=se
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 100
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-21-3586379953-3555147696-39335545-513
sambaGroupType: 2
displayName: Domain Users
memberUid: user1
memberUid: ........ etc

Version-Release number of selected component (if applicable):

The problem started after the upgrade to this version

How reproducible:

Steps to Reproduce:
1. use valid users in smb.conf
2. Try to connect with smb client
Actual results:
Can't connect to share

Expected results:
A connection to the share

Additional info:
Comment 1 Simo Sorce 2007-11-20 09:42:05 EST
as stated in the release notes[1] the new update has tightened rules around naming.

The names used in directives like: force user, force group, valid user need
fully qualified names, eg 'DOMAIN\user' not just 'user'

Contact support if you need further info on understanding the issue.


Note You need to log in before you can comment on or make changes to this bug.