391711 – valid users in smb.conf is broken

Bug 391711 - valid users in smb.conf is broken

Summary: valid users in smb.conf is broken

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	samba
Sub Component:
Version:	4.0
Hardware:	ia64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Samba Maint Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-11-20 09:02 UTC by Johan Dahl
Modified:	2007-11-30 22:07 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-11-20 14:42:05 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Johan Dahl 2007-11-20 09:02:24 UTC

Description of problem:
If I have for a share in smb.conf a line saying:
valid users = user1
Will this user not be able to connect to the share. If I have a group like
valid users = @group22
Will it work as expected.

At loglevel 10 do I get this in smbd.log

 lib/username.c:Get_Pwnam_internals(108)
  Get_Pwnam_internals did find user [user1]!
[2007/11/20 09:31:27, 5] lib/smbldap.c:smbldap_search_ext(1182)
  smbldap_search_ext: base => [ou=Groups,dc=xxx,dc=xxxx,dc=xxx], filter =>
[(&(objectClass=sambaGroupMapping)(gidNumber=100))], scope => [2]
[2007/11/20 09:31:27, 2] passdb/pdb_ldap.c:init_group_from_ldap(2158)
  init_group_from_ldap: Entry found for group: 100
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:check_dom_sid_to_level(663)
  Accepting SID S-1-5-21-3586379953-3555147696-39335545 in level 1
[2007/11/20 09:31:27, 10] passdb/lookup_sid.c:lookup_sid(944)
  failed to lookup sid S-1-5-21-3586379953-3555147696-39335545-513
[2007/11/20 09:31:27, 3] passdb/pdb_get_set.c:pdb_get_group_sid(236)
  Primary group for user test1 is a UNKNOWN and not a domain group

However users (100) is known an has this entry in the ldap:
dn: cn=users,ou=Groups,dc=sol,dc=lu,dc=se
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 100
cn: users
description: Netbios Domain Users
sambaSID: S-1-5-21-3586379953-3555147696-39335545-513
sambaGroupType: 2
displayName: Domain Users
memberUid: user1
memberUid: ........ etc




Version-Release number of selected component (if applicable):
samba-3.0.25b-1.el4_6.2

The problem started after the upgrade to this version

How reproducible:
always


Steps to Reproduce:
1. use valid users in smb.conf
2. Try to connect with smb client
3. Get the error NT_STATUS_ACCESS_DENIED
  
Actual results:
Can't connect to share

Expected results:
A connection to the share

Additional info:

Comment 1 Simo Sorce 2007-11-20 14:42:05 UTC

Johan,
as stated in the release notes[1] the new update has tightened rules around naming.

The names used in directives like: force user, force group, valid user need
fully qualified names, eg 'DOMAIN\user' not just 'user'

Contact support if you need further info on understanding the issue.

[1]http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/release-notes/RELEASE-NOTES-U6-x86-en.html

Note You need to log in before you can comment on or make changes to this bug.