Public bug reported:

In the most recent release of samba 3.6.25-0ubuntu0.12.04.3 on Ubuntu 12.04 the "force user" does not work if the specified user happens to also be an AD domain user. "force user" works entirely properly if the user is a local NSS user only (/etc/passwd and ldap).

Symptoms: Windows clients don't let you access any files which have unix permissions 700. Mac OS clients let you create files but not delete files. The macos problem can be worked around by adding "acl check permissions = no" to the share.

I have tried Xenial's samba 4.3.9 packages and they seem to have a similar problem in that "force user" works if the user specified is not in the domain but you can't even map the drive if it is in the domain.

This all used to work in 12.04 before the recent security updates to samba. Any ideas what could be wrong?

My winbind and idmap config lines from smb.conf are

    security = ads
    realm = DOM.DOMAIN.COM
    winbind use default domain = yes
    winbind offline logon = false
    winbind refresh tickets = true
    winbind enum users = false
    winbind enum groups = false
    idmap config *:backend = tdb
    idmap config *:range = 100000 - 199999
    idmap config DOM:backend = nss
    idmap config DOM:readonly = yes
    idmap config DOM:default = yes
    idmap config DOM:range = 100 - 99999

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: samba 2:3.6.25-0ubuntu0.12.04.3
ProcVersionSignature: Ubuntu 3.2.0-102.142-generic 3.2.79
Uname: Linux 3.2.0-102-generic x86_64
ApportVersion: 2.0.1-0ubuntu17.13
Architecture: amd64
Date: Wed May 18 09:17:45 2016
InstallationMedia: Ubuntu-Server 12.04 LTS "Precise Pangolin" - Release amd64 (20120424.1)
MarkForUpload: True
SambaServerRegression: Yes
SmbConfIncluded: No
SourcePackage: samba
UbuntuFailedConnect: Yes
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.logrotate.d.samba: [modified]
mtime.conffile..etc.logrotate.d.samba: 2014-06-25T12:47:37

** Affects: samba (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug precise

https://bugs.launchpad.net/bugs/1583056

Title:
  regression: "force user" does not work correctly in security=ads with idmap backend=nss