4 thoughts on - Samba3x PDC And Win XP

  • Hello Paul,

    Perhaps the single backslashes being escapes for the following percent signs? Try doubling the backslashes, possibly the first two in the path as well.

    Regards, Leonard.

  • Thanks for the idea … I gave this a try but it is not the issue. The path in the error message was different but no cigar. I am positive that the syntax specified above is correct for the /etc/samba/smb.conf file as it is documented this way all over the web. It really looks like there is a mapping missing somewhere. For example I am seeing:

    2012/08/01 07:03:05.412614, 3] smbd/service.c:807(make_connection_snum)
    Connect path is ‘/mnt/home/profile’ for service [profile]
    [2012/08/01 07:03:05.412655, 3] smbd/vfs.c:97(vfs_init_default)
    Initialising default vfs hooks
    [2012/08/01 07:03:05.412684, 3] smbd/vfs.c:122(vfs_init_custom)
    Initialising custom vfs hooks from [/[Default VFS]/]
    [2012/08/01 07:03:05.412806, 3] lib/util_sid.c:228(string_to_sid)
    string_to_sid: Sid @smbusers does not start with ‘S-‘.

    I do have some linux groups smbusers, smbadmins, smbguests defined in
    /etc/group

    smbusers:x:103:snichols,visitor smbadmins:x:107:root,ganci smbguests:x:108:

    and mapped the group like so:

    > net groupmap list Domain Users (S-1-5-21-2436759526-4149905533-814844971-513) -> smbusers Administrators (S-1-5-32-544) -> 100000
    Domain Guests (S-1-5-21-2436759526-4149905533-814844971-514) -> smbguests Domain Admins (S-1-5-21-2436759526-4149905533-814844971-512) -> smbadmins Users (S-1-5-32-545) -> 100001

    I even tried adding this /etc/samba/smb.conf entry:

    # Unix users can map to different SMB User names
    username map = /etc/samba/smbusers

    with /etc/samba/smbusers containing:

    > cat smbusers
    # Unix_name = SMB_name1 SMB_name2 … root = Administrator administrator admin nobody = guest pcguest smbguest snichols = snichols ganci = ganci visitor = visitor

    None of it works.

  • Am 01.08.2012 09:39, schrieb Paul R. Ganci:
    The stage at which %u needs to be evaluated in this case is before the user authentication happens. You have to use %U instead of %u – this is not a security issue as having the wrong UNC path should (and probably will) be caught using ACLs.

    Regards, Andreas

  • Thank you so much for this bit of information. I have spent 3 days on this issue and now realize I was searching the web with the wrong question. As soon as I asked for the difference between %U and %u everything becomes clear. Apparently the use of %u as I have been using it for the last 5 years was deprecated and apparently with samba3x stops working altogether.

    The documentation is not very clear about the difference between %u and
    %U. The best I could find is that %u evaluates to the Linux username and that %U evaluates to (in my case) the Win XP client username. These do not necessarily have to be the same. Therefore I always used the %u version believing I was trusting the Linux. Besides out of the box the smb.conf uses %u as I did. Live and learn I suppose.

    I haven’t fixed my configuration yet but from what I just learned today this solution is what I was searching for the last three days. Again thank you very much for the information.

LEAVE A COMMENT