RE: [Samba] Valid users not working on 3.0.23d
I've been watching this thread because I have several shares where like Felipe I'll do valid users = user1, user2, user3 force user = user4 so if there is actually some sort of problem as Felipe is describing, it concerns me. As far as reading the WHATSNEW.txt file, I've gone through it again and maybe its just me but I can't figure out what John might be referring to that could be causing Felipe's issue. I'm speculating John is referring to the way it may now be necessary to include the domain portion in the valid users parameter, ie something along the lines of.. valid users = mydomain\user1, mydomain\user2, mydomain\user3 (actually I've taken to creating a username map with entries like user1=mydomain\user1 user2=mydomain\user2 user3=mydomain\user3 user4=mydomain\user4 and leaving the valid users parameters as they where) Not having the domain portion could cause users Felipe intends allowing to be denied. But, he is having the exact opposite problem, users he intends denying are being allowed. Also, he says that downgrading to 3.0.22 and using the same smb.conf fixes his problem. Personally I can't replicate his issue, although I use domain level security instead of user level level like he is so perhaps thats part of it. Also, I'm curious about what his username map file might be and wonder if the issue could be in there. Tom Schaefer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Monday, February 05, 2007 7:31 PM To: samba@lists.samba.org Subject: Re: [Samba] Valid users not working on 3.0.23d On Monday 05 February 2007 11:05, Papo Napolitano wrote: > Felipe Augusto van de Wiel wrote: > > On 02/02/2007 01:08 PM, Papo Napolitano wrote: > >> Any one still having problems with "valid users" on 3.0.23d? > >> I'm working in "security = USER" mode and with local users only. > >> > >> Share configuration : > >> > >> [private] > >> path = /home/private > >> valid users = papo > >> force user = root > >> force group = root > >> read only = No > >> create mask = 0600 > >> directory mask = 0700 > > > > [...] > > > >> Second test, using a valid but not listed user : > >> > >> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator > >> Password: > >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] > >> smb: \> mkdir 1 > >> smb: \> rmdir 1 > >> smb: \> quit > >> > >> This is wrong, administrator shouldn't write, not even connect to > >> the share. "invalid users" seems to work ok though. > >> I can provide debug logs for both versions if needed. > >> Any hints? > > > > Is your administrator in the list of 'admin users'? > > > >> Thanks.- > > > > Kind regards, > > No, 'admin users' is empty. > Anyway, I'm observing the same behaviour with any account. > Downgrading to 3.0.22 and using the same smb.conf works, I'm going to > try 3.0.24 in the next couple of days just to be sure. > > Thanks.- Please read the WHATSNEW.txt file that ships with Samba-3.0.x. You'll see that the semantics of "valid users" was changed around 3.0.8. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users not working on 3.0.23d
On Monday 05 February 2007 11:05, Papo Napolitano wrote: > Felipe Augusto van de Wiel wrote: > > On 02/02/2007 01:08 PM, Papo Napolitano wrote: > >> Any one still having problems with "valid users" on 3.0.23d? > >> I'm working in "security = USER" mode and with local users only. > >> > >> Share configuration : > >> > >> [private] > >> path = /home/private > >> valid users = papo > >> force user = root > >> force group = root > >> read only = No > >> create mask = 0600 > >> directory mask = 0700 > > > > [...] > > > >> Second test, using a valid but not listed user : > >> > >> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator > >> Password: > >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] > >> smb: \> mkdir 1 > >> smb: \> rmdir 1 > >> smb: \> quit > >> > >> This is wrong, administrator shouldn't write, not even connect > >> to the share. "invalid users" seems to work ok though. > >> I can provide debug logs for both versions if needed. > >> Any hints? > > > > Is your administrator in the list of 'admin users'? > > > >> Thanks.- > > > > Kind regards, > > No, 'admin users' is empty. > Anyway, I'm observing the same behaviour with any account. > Downgrading to 3.0.22 and using the same smb.conf works, I'm going to > try 3.0.24 in the next couple of days just to be sure. > > Thanks.- Please read the WHATSNEW.txt file that ships with Samba-3.0.x. You'll see that the semantics of "valid users" was changed around 3.0.8. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users not working on 3.0.23d
Felipe Augusto van de Wiel wrote: > On 02/02/2007 01:08 PM, Papo Napolitano wrote: >> Any one still having problems with "valid users" on 3.0.23d? >> I'm working in "security = USER" mode and with local users only. > >> Share configuration : > >> [private] >> path = /home/private >> valid users = papo >> force user = root >> force group = root >> read only = No >> create mask = 0600 >> directory mask = 0700 > > [...] >> Second test, using a valid but not listed user : > >> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator >> Password: >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] >> smb: \> mkdir 1 >> smb: \> rmdir 1 >> smb: \> quit > >> This is wrong, administrator shouldn't write, not even connect >> to the share. "invalid users" seems to work ok though. >> I can provide debug logs for both versions if needed. >> Any hints? > > Is your administrator in the list of 'admin users'? > > >> Thanks.- > > Kind regards, > No, 'admin users' is empty. Anyway, I'm observing the same behaviour with any account. Downgrading to 3.0.22 and using the same smb.conf works, I'm going to try 3.0.24 in the next couple of days just to be sure. Thanks.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users not working on 3.0.23d
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/02/2007 01:08 PM, Papo Napolitano wrote: > Any one still having problems with "valid users" on 3.0.23d? > I'm working in "security = USER" mode and with local users only. > > Share configuration : > > [private] > path = /home/private > valid users = papo > force user = root > force group = root > read only = No > create mask = 0600 > directory mask = 0700 > [...] > Second test, using a valid but not listed user : > > [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator > Password: > Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] > smb: \> mkdir 1 > smb: \> rmdir 1 > smb: \> quit > > This is wrong, administrator shouldn't write, not even connect > to the share. "invalid users" seems to work ok though. > I can provide debug logs for both versions if needed. > Any hints? Is your administrator in the list of 'admin users'? > Thanks.- Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxz9zCj65ZxU4gPQRAjVQAKCMWQl39luBMWXxMcN73Z3pSiHnPwCgk1DR 8+0HSyl7roKBwGPxZyZZKrs= =khZ1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Valid users not working on 3.0.23d
Hi, Any one still having problems with "valid users" on 3.0.23d? I'm working in "security = USER" mode and with local users only. Share configuration : [private] path = /home/private valid users = papo force user = root force group = root read only = No create mask = 0600 directory mask = 0700 First test, anonymous : [EMAIL PROTECTED] /]# smbclient //julieta/private Password: Anonymous login successful Domain=[DAC] OS=[Unix] Server=[Samba 3.0.23d] tree connect failed: NT_STATUS_ACCESS_DENIED So far, working. Second test, using a valid but not listed user : [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator Password: Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] smb: \> mkdir 1 smb: \> rmdir 1 smb: \> quit This is wrong, administrator shouldn't write, not even connect to the share. "invalid users" seems to work ok though. I can provide debug logs for both versions if needed. Any hints? Thanks.- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba