Re: User invalid SID with home directory - Bueller?

[Wes Modes <wmodes@xxxxxxxx>]

So even though I see this popping up in tons of posts, no one has 
encountered it and successfully solved the problem or can illuminate the 
issue?

Here's what I did not knowing what else to do:

  1. Deleted the account.  (smbldap-userdel)
  2. Recreated the account  (smbldap-useradd)
  3. Searched for any files owned by the old user, and chown'd them to
     the new user

It is not an elegant solution, but it is the only one I have now.  So 
far I haven't gotten any accounts that have had the problem reoccur.  
But I'm waiting to see.

Wes


Wes Modes wrote:
> I'm having the problem in which users can access their group shares, 
> but not their home shares.  These two shares are defined thusly in 
> smb.conf:
>
>    [seref]
>            comment = Science & Engineering Reference Section
>            path = /data/group/seref
>            valid users = @seref, @seref-read, @admin
>            read list = @seref-read
>            write list = @seref, @admin
>            force group = seref
>            create mask = 0664
>            directory mask = 0770
>
>    [home]
>            comment = %u's Personal Share Directory
>            path = /data/home/%U
>            valid users = %U, @admin
>            write list = %U, @admin
>            create mask = 0600
>            directory mask = 0700
>            browseable = No
>
>
> It seems that the %U variable, causes Samba to do a 
> lookup_global_sam_name which fails.
>    [root@fileserver]# smbclient -Ujoeblow
>    '\\edgar.library.ucsc.edu\home' xxxxxxxx
>           tree connect failed: NT_STATUS_ACCESS_DENIED
>
>
> Here's the relevant section of the log:
>
>    passdb/pdb_ldap.c:init_sam_from_ldap(545)
>        init_sam_from_ldap: Entry found for user: joeblow
>    passdb/pdb_ldap.c:init_group_from_ldap(2158)
>        init_group_from_ldap: Entry found for group: 30023
>    passdb/passdb.c:lookup_global_sam_name(596)
>        User joeblow with invalid SID
>    S-1-5-21-2642364908-3785178431-1037763545-61756 in passdb
>    passdb/pdb_ldap.c:init_group_from_ldap(2158)
>      init_group_from_ldap: Entry found for group: 1001
>    smbd/service.c:make_connection_snum(616)
>        user 'joeblow' (from session setup) not permitted to access this
>    share (home)
>
>
> Please note that I am not using the ADS security model, nor do I care 
> to at the moment.  Here's the significant part of my smb.conf:
>
>    ### Basic information for server
>            workgroup = MCHSTAFF
>            netbios name = EDGAR
>            server string = Library Samba Server
>            hosts allow = 169.233.
>            hosts allow = 128.114.
>            enable privileges = yes
>            security = user
>            encrypt passwords = yes
>            preferred master = yes
>            domain master = yes
>            domain logons = yes
>            local master = yes
>            username map = /etc/samba/smbusers
>            logon path =
>            wins support = yes
>            dns proxy = no
>
> So why I am I getting the failure "User joeblow with invalid SID"?
>
> Wes

--

Wes Modes
Server Administrator & Programmer Analyst
McHenry Library
Computing & Network Services
Information and Technology Services
459-5208
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba