Hi,

I've got a problem with a samba server I inherited which I can't solve.

I think it's the configuration rather than the version because I have the same problem with a 3.0.14 and a 3.0.11 Samba server with almost identical configurations. Both authenticate against LDAP, one has an old smbpasswd file which should no longer be in use.

The issue is that when I click "Properties... Security" in Windows on something shared on the samba server, all the groups come up OK but users are displayed as (for example) "Account Unknown {S-1-5-21-4012146134-3166284455-2856603714-3038)".

I've checked, and that account SID is correct. However, I'd expect it to eventually resolve to a username - it doesn't. Google suggests this may be a known issue in older versions of Samba, but not 3.x.

I've noticed that this isn't true for all owners - on one server I've got an smbpasswd file and anyone whose SID is in there resolves just fine. But not everyone's SID is in there.

This issue aside, Samba is handling user authentication just fine - I can only access the shares I should - but setting up security on individual folders from Windows isn't terribly usable like this.

I'm not sure where to look next. The Samba server running 3.0.14 isn't live yet, so I can do more-or-less what I like with the configuration. The 3.0.11 server, however, is live, so I don't want to mess with the configuration until I've got a better idea of what I need to do to fix it.

James Cort

smb.conf:

[global]

# 1. Server Naming Options:
# workgroup = NT-Domain-Name or Workgroup-Name
  workgroup = U4EA
  server string = Poteen Samba Server %v

# 3. Logging Options:
# this tells Samba to use a separate log file for each machine
# that connects
  log file = /var/log/samba3/log.%m
  max log size = 50
  log level = 10

# 4. Security and Domain Membership Options:
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
  hosts allow = 172.30. 192.168.22. 172.16.1 127.

# Allow users to map to guest:
 map to guest = bad user

# Security mode. Most people will want user level security. See
# security_level.txt for details.
  security = user
  encrypt passwords = yes

# 5. Browser Control and Networking Options:
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
  local master = no

# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
;   domain master = yes

# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
preferred master = no

passdb backend = ldapsam:ldap://cygnus_new/
ldap admin dn = cn=smbadmin,dc=u4eatech,dc=com
##ldap filter = "(&(uid=%u) (objectclass=sambaAccount))"
ldap filter = "(&(uid=%u)(objectclass=sambaSamAccount))"
#ldap filter = "(uid=%u)"
idmap backend = ldap:ldaps//cygnus_new/
ldap suffix = dc=u4eatech,dc=com
ldap user suffix =  ou=People
ldap group suffix = ou=Group
ldap passwd sync = yes
ldap delete dn = no
#add user script = /usr/local/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
  dns proxy = no

[homes]
  comment = Home Directories
  browseable = yes
  writable = yes

##### other directories
# Export a share for testing team members
[testing]
  path = /home/testing
  comment = Testing Data
  writable = yes


