SAMBA: valid users ignores local samba user

I have a linux server (SLES12 SP5) in a Windows domain.

>smbd -V
Version 4.10.5-git.192.26ffbcd72313.11.1-SUSE-SLE_12-x86_64

Accessing samba shares with a domain user works very well.

Unfortunately I can’t access the share with a local samba user, if valid users is active.

>useradd -r -g tomcat test
>smbpasswd -a test
>systemctl restart smb.service

>getent passwd test
test:x:480:1002::/home/test:/bin/bash

smb.conf

[global]
    security = ADS
    realm = STL.BWL.NET
    workgroup = STL

    domain master = NO
    local master = NO
    preferred master = NO
    os level = 0

    template homedir = /home/%U
    template shell = /bin/bash
    kerberos method = secrets and keytab
    allow trusted domains = NO

    winbind enum users = YES
    winbind enum groups = YES
    winbind cache time = 10
    winbind use default domain = YES
    winbind refresh tickets = YES

    idmap config STL : backend = rid
    idmap config STL : range = 100000-400000

    idmap config * : backend = tdb
    idmap config * : range = 500000-800000

    ntlm auth = NO
    lanman auth = NO
    client use spnego = YES
    client ntlmv2 auth = YES
    encrypt passwords = YES
    restrict anonymous = 2
    usershare allow guests = NO

    printing = bsd
    printcap name = /dev/null

    map acl inherit = YES
    store dos attributes = YES
    ea support = YES

    public = NO
    browseable = YES
    writeable = YES
    guest ok = NO

    create mask = 0660
    directory mask = 0770

[web]
        path = /web
        valid users = @GRP_R13_QS STL1408

[tomcat]
        path = /web/tomcat
        valid users = test

Go to Source
Author: stalachristian

LDAP + SAMBA problems

After setting up my openldap on centos 7 i got a problem while integrating samba !
i followed the steps of many tuto :
exemple : https://admin.shamot.cz/?p=470
but i found a problem while taping that command :
net getlocalsid
i got an error :
ailed to bind to server ldap://172.16.0.180 with dn=”cn=ldapadm” Error: Invalid credentials
(unknown)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
pdb backend ldapsam:ldap://172.16.0.180 did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
WARNING: Could not open passdb

Go to Source
Author: Bruce

AD users unable to access Samba Share

I have a RHEL 7.6 server joined to AD using sssd and realm. I am able to ssh into the Linux servers as AD users, but the same users are unable to access the Samba share configured in the server. When I try to access the share from Windows Server 2012 R2 Standard, it keeps prompting me for the password.

This is how I configured smb.conf

client signing =yes
client use spnego =yes
kerberos method = secrets and keytab
log file = /var/log/samba/%m.log
###ntlm auth =yes

template homedir = /home/%U

idmap config * : backend = tdb
idmap config * :  range = 10000-199999
idmap config DOMAIN: backend = sss
idmap config DOMAIN : range = 200000-2147483647

Please check and let me know how I can let AD users to access the shared directories.

Go to Source
Author: rohit pillai

Why I am unable to mount a CIFS from my server?

I have setup the samba on CENTOS 8 like that:

[global]
    workgroup = WORKGROUP
    security = user
    passdb backend = tdbsam

[e-table]
    path=/mnt/md0
    browseable=yes
    read only = no
    force create mode = 0660
    force directory mode = 2770
    valid users = lena

and /mnt has the following permissions:

$ ls -l /mnt
drwxrwxrwx. 27 lena lena 4096 Oct 18  2019 md0

But I get the following error on /var/log/samba:

[2020/06/16 17:46:15.738033,  0] ../../source3/smbd/service.c:784(make_connection_snum)
  make_connection_snum: canonicalize_connect_path failed for service e-table, path /mnt/md0

At the same time the client retrieves the following error:

error shown in client

So do you have any idea why that happens? Does affect that on the same time an huge rsync operation is performed on this file as well?

Go to Source
Author: Dimitrios Desyllas