Bug 6026 - smbd needs to be restarted when a new user is added on Windows AD (otherwise, the new user cannot access shares)
Status: RESOLVED WORKSFORME
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: User/Group Accounts
Version: 3.0.24
Hardware: Sparc Windows XP
Importance: P3 major
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Reported: 2009-01-12 11:37 UTC by Chris Guild
Modified: 2021-01-04 15:47 UTC
Description Chris Guild 2009-01-12 11:37:19 UTC
As seen below within the smb.conf, the shares are exported as such:

[cc]
    path = /cc
    comment = directory
    directory mask = 0775
    create mask = 0775
    valid users = @ccuser
    read list = @ccuser
    write list = @ccuser
    writeable = yes
    public = no
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes
    mangled names = no
    fake directory create times = true
    dos filetime resolution = true
    map archive = no
    map hidden = no
    map system = no
    follow symlinks = yes
    wide links = yes
    browseable = yes


When the Windows Administrators add a new user, even if they make sure they are within the ccuser group, the smbd must be stopped and restarted before the new user account is allowed to authenticate against the share.

The workaround is to include every single user account within the “valid users=” line, and then the new users created are authenticated successfully.

Please let us know how to proceed.


# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors.
#
#======================= Global Settings =====================================
[global]

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
   workgroup = NORDLB-IT
#   server string = ccadm nitsol50
   netbios name = nitaix59

# security local
  hosts deny = ALL
  hosts allow = 14.2.0.0/255.255.0.0 14.50.130.0/255.255.255.0 14.50.176.0/255.255.255.0 14.50.178.0/255.255.255.0 14.50.180. 14.50.181. 14.50.182. 14.50.183. 14.50.184. 14.50.185. 14.50.179. 14.50.251. 14.50.125. 127.

# Security mode
   security = domain
   password server = nitw0301 nitw0302
   encrypt passwords = yes

# Printer section
   load printers = no
;   printcap name = /etc/printcap
;   printcap name = lpstat
;   printing = bsd

# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
;  guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
   log file = /opt/pware/samba/3.0.28/var/log.%m
   include = /opt/pware/samba/3.0.28/var/smb.conf.%m
    max log size = 20000


# Configure Samba to use multiple interfaces
    interfaces = 14.50.176.159/24

# Browser Control Options:
   local master = yes
   os level = 33
   domain master = no 
   preferred master = no


# WINS section
   wins support = no
   wins server = 14.50.178.10 14.50.178.20
;  name resolve order = wins host bcast
   remote announce = 14.50.178.255
;  browse list = yes
;   remote browse sync = 14.2.74.201
   wins proxy = no
   dns proxy = no

#-----------------------------------------------------------------------------
# performance parameters
#-----------------------------------------------------------------------------
   debug level = 0
   kernel oplocks = no
   oplocks = no
   level2 oplocks = no
   socket options = TCP_NODELAY
   wide links = no
   deadtime = 15
   keep alive = 120
   getwd cache = yes
   read raw = yes
   write raw = yes
   max open files = 5000
   dos charset = CP850
   unix charset = ISO8859-1
   display charset = LOCALE
   host msdfs = no
   bind interfaces only = no
#
# user mapping for clear case
username map = /usr/local/samba/lib/usermap.txt 

#============================ Share Definitions ==============================

[homes]
    comment = Home Directories
    directory mask = 0000
    create mask = 0000
    force directory mode = 0774
    force create mode = 0664
    valid users = %S
    guest ok = no
    writable = yes
    public = no
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes
    mangled names = no
    fake directory create times = true
    dos filetime resolution = true
    follow symlinks = yes
    wide links = yes
    browseable = no

[cc]
    path = /cc
    comment = directory
    directory mask = 0775
    create mask = 0775
    valid users = @ccuser
    read list = @ccuser
    write list = @ccuser
    writeable = yes
    public = no
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes
    mangled names = no
    fake directory create times = true
    dos filetime resolution = true
    map archive = no
    map hidden = no
    map system = no
    follow symlinks = yes
    wide links = yes
    browseable = yes

[ccadm]
    path = /home/ccadm
    comment = directory
    directory mask = 0000
    create mask = 0000
    force directory mode = 0774
    force create mode = 0664
    force group =
    force user =
    guest ok = no
    valid users = ccadm
    read list = ccadm
    write list = ccadm
    writeable = yes
    public = no
    case sensitive = no
    default case = lower
    preserve case = yes
    short preserve case = yes
    mangled names = no
    fake directory create times = true
    dos filetime resolution = true
    follow symlinks = yes
    wide links = yes
    browseable = yes
Comment 1 Björn Jacke 2021-01-04 15:47:13 UTC
works for me (if the user connects with an up-to-date logon token, reflecting the changed group membership)
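
Added example, not from the reporter or the Samba project: a small Python audit that parses smb.conf sections and reports which shares gate access through group references in `valid users` (the case in this report) rather than explicitly listed names (the reporter's workaround). Prefix meanings follow smb.conf(5); `SAMPLE_CONF` is an excerpt constructed from the report, and the function names are hypothetical.

```python
import re

# Constructed excerpt modelled on the report's shares (not the full file).
SAMPLE_CONF = """\
[homes]
    valid users = %S
[cc]
    valid users = @ccuser
    write list = @ccuser
[ccadm]
    valid users = ccadm
"""

# Lookup order for each name prefix, per smb.conf(5) "invalid users".
U, N = "unix-group", "nis-netgroup"
PREFIX_LOOKUP = {"@": [N, U], "+": [U], "&": [N], "+&": [U, N], "&+": [N, U]}

def parse_shares(text):
    """Return {section: {param: value}}; names ignore case and spaces."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = shares.setdefault(m.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return shares

def classify(entry):
    """Return (kind, name, lookup order) for one list entry."""
    m = re.match(r"(\+&|&\+|[@+&])(.+)$", entry)
    if m:
        return ("group", m.group(2), PREFIX_LOOKUP[m.group(1)])
    return ("macro" if "%" in entry else "user", entry, [])

def group_gated(text, param="validusers"):
    """Shares whose `param` list relies on group lookup.

    Assumption: entries are separated by commas or spaces; quoted names
    containing spaces are not handled.
    """
    out = {}
    for share, params in parse_shares(text).items():
        entries = [e for e in re.split(r"[,\s]+", params.get(param, "")) if e]
        hits = [c for c in map(classify, entries) if c[0] == "group"]
        if hits:
            out[share] = hits
    return out
```

Shares returned by `group_gated` are the ones where a newly added account is admitted only once its group membership is visible to smbd; shares listing plain user names do not depend on that lookup.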