Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 4 product line. The current stable release is 4.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 391711

Summary: valid users in smb.conf is broken
Product: Red Hat Enterprise Linux 4 Reporter: Johan Dahl <johan.dahl>
Component: sambaAssignee: Samba Maint Team <samba-bugs-list>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 4.0CC: johan.dahl
Target Milestone: ---   
Target Release: ---   
Hardware: ia64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-20 14:42:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Johan Dahl 2007-11-20 09:02:24 UTC 
Description of problem:
If I have for a share in smb.conf a line saying:
valid users = user1
Will this user not be able to connect to the share. If I have a group like
valid users = @group22
Will it work as expected.

At loglevel 10 do I get this in smbd.log

 lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals did find user [user1]!
[2007/11/20 09:31:27, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [ou=Groups,dc=xxx,dc=xxxx,dc=xxx], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=100))], scope => [2]
[2007/11/20 09:31:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 100
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:check_dom_sid_to_level(663)
  Accepting SID S-1-5-21-3586379953-3555147696-39335545 in level 1
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:lookup_sid(944)
  failed to lookup sid S-1-5-21-3586379953-3555147696-39335545-513
[2007/11/20 09:31:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(236)
  Primary group for user test1 is a UNKNOWN and not a domain group

However users (100) is known an has this entry in the ldap:
dn: cn=users,ou=Groups,dc=sol,dc=lu,dc=se
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 100
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-21-3586379953-3555147696-39335545-513
sambaGroupType: 2
displayName: Domain Users
memberUid: user1
memberUid: ........ etc




Version-Release number of selected component (if applicable):
samba-3.0.25b-1.el4_6.2

The problem started after the upgrade to this version

How reproducible:
always


Steps to Reproduce:
1. use valid users in smb.conf
2. Try to connect with smb client
3. Get the error NT_STATUS_ACCESS_DENIED
  
Actual results:
Can't connect to share

Expected results:
A connection to the share

Additional info:
Comment 1 Simo Sorce 2007-11-20 14:42:05 UTC 
Johan,
as stated in the release notes[1] the new update has tightened rules around naming.

The names used in directives like: force user, force group, valid user need
fully qualified names, eg 'DOMAIN\user' not just 'user'

Contact support if you need further info on understanding the issue.

[1]http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/release-notes/RELEASE-NOTES-U6-x86-en.html