I am seeing problems similar to bug# 3741 and bug# 3940, but the problem seems to be more a general problem with 'valid users'. For some reason samba seems to think that it wants to turn UNIX groups into SIDs (to look like 'S-<something>') which doesn't make sense.

We are running FC4 on x86 and just upgraded samba via RPMs from 3.0.14a-2 to 3.0.23. With the upgrade to 3.0.23 all shares using 'valid users'. We have a 'homes' share using valid users = %S and also shares using UNIX groups, but both have stopped working. The only workaround I have found is to comment out the 'valid users' lines in smb.conf altogether.

NOTE: We are not using 'winbindd' and have users set up in /etc/passwd and /etc/group to give the users that have access the proper UNIX uid/gid(s). We were using 'security = DOMAIN' but I switched to 'security = ADS' with the hopes that the changes might help samba work, however the changes have not helped to fix the problem.

Relevant info from the config (with company/domain name modified for their privacy):

[global]
    log level = 3 auth:10
    workgroup = STK
    realm = STK.LOCAL
    security = ADS

[homes]
    writable = yes
    valid users = %S

[webdev]
    path = /usr/local/webdev
    valid users = +stkdev, +stkadm

=================================================================

Info from the log when trying to access 'webdev' (will try to attach full session log):

[2006/07/20 08:49:13, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +stkdev does not start with 'S-'.
[2006/07/20 08:49:13, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +stkadm does not start with 'S-'.
[2006/07/20 08:49:13, 2] smbd/service.c:make_connection_snum(571)
  user 'phil' (from session setup) not permitted to access this share (webdev)

When trying to access 'homes' the problem is similar:

[2006/07/20 08:33:03, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid phil does not start with 'S-'.

Both groups exist and user 'phil' is a member of both of those UNIX groups, in fact his primary group is 'stkdev'. This worked before we upgraded to 3.0.23 but not any more.

Any ideas?

Phil
--
Phil Lobbes <phil at perkpartners.com>

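A triage helper for the symptom in the report above, added here as an example and not part of the original post or of Samba: it reads an smbd log and pairs each "not permitted to access this share" denial with the 'valid users' entries that string_to_sid rejected just before it. The sample log is constructed from the lines quoted in the report, the function names are hypothetical, and it assumes a single-session log like the attached one.

```python
import re

# Constructed sample: the smbd log lines quoted in the report above,
# laid out as header line + indented message line.
SAMPLE_LOG = """\
[2006/07/20 08:49:13, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +stkdev does not start with 'S-'.
[2006/07/20 08:49:13, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid +stkadm does not start with 'S-'.
[2006/07/20 08:49:13, 2] smbd/service.c:make_connection_snum(571)
  user 'phil' (from session setup) not permitted to access this share (webdev)
[2006/07/20 08:33:03, 3] lib/util_sid.c:string_to_sid(223)
  string_to_sid: Sid phil does not start with 'S-'.
"""

HEADER = re.compile(r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*\d+\]\s+\S+\(\d+\)")
NOT_SID = re.compile(r"string_to_sid: Sid (.+?) does not start with 'S-'")
DENIED = re.compile(r"user '([^']*)' \(from session setup\) not permitted "
                    r"to access this share \(([^)]*)\)")

def records(text):
    """Yield (timestamp, message) pairs; works on wrapped or flattened logs."""
    heads = list(HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield h.group(1), text[h.end():end].strip()

def correlate(text):
    """Pair each share denial with the entries that failed SID parsing
    before it. Returns (denials, entries_with_no_denial_in_this_log)."""
    denials, pending = [], []
    for ts, msg in records(text):
        m = NOT_SID.search(msg)
        if m:
            pending.append(m.group(1))
            continue
        m = DENIED.search(msg)
        if m:
            denials.append({"time": ts, "user": m.group(1),
                            "share": m.group(2), "entries": pending})
            pending = []
    return denials, pending

if __name__ == "__main__":
    denials, leftover = correlate(SAMPLE_LOG)
    for d in denials:
        print(f"{d['time']} share={d['share']} user={d['user']} "
              f"non-SID entries={d['entries']}")
    if leftover:
        print("string_to_sid failures with no denial in this excerpt:", leftover)
```
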
Created attachment 2050
session showing valid users not working with 3.0.23

Full session from connect to access denied with valid users not working for UNIX groups with server = ADS or domain in samba 3.0.23

Please retest using the SAMBA_3_0_23 branch. This is believed to be fixed for 3.0.23a (due in a few days).
*** Bug 3940 has been marked as a duplicate of this bug. ***