Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding group "Domain Users" to a Share adds incorrect valid users entry #1889

Open
nickpiggott opened this issue Aug 28, 2019 · 0 comments

Comments

@nickpiggott
Copy link

commented Aug 28, 2019

Zentyal 5.1

Symptom: Users cannot connect to SMB Shares with Group "Domain Users" given read/write access.

Problem: The /etc/samba/shares.conf file contains the lines:

valid users = @"All domain users" 
read list =                                                                     
write list = @"All domain users"

Fix: Manually edit the value @"All domain users" to matche the @"Domain Users" group in the Active Directory Server.

Steps to reproduce:

  1. Create a new share in Zentyal File Sharing
  2. Add an ACL with a Group "Domain Users", and permissions read/write
  3. Try to connect from a client with a logged-in / authenticated client - receive authentication failure
  4. /var/log/samba/samba.log reports
'[2019/08/28 15:54:16.731769,  3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)                                                                                                
  string_to_sid: SID @All domain users is not in a valid format                                                                                                                      
[2019/08/28 15:54:16.732508,  3] ../source3/winbindd/winbindd_lookupname.c:69(winbindd_lookupname_send)                                                                              
  lookupname Unix Group\All domain users                                                                                                                                             
[2019/08/28 15:54:16.737156,  3] ../source3/winbindd/winbindd_getgrnam.c:56(winbindd_getgrnam_send)                                                                                  
  getgrnam All domain users                                                                                                                                                          
  1. Manually edit shares file to refer to "@Domain Users" and restart samba
  2. Connection is now successful
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.