Samba: share is not accessible for AD groups












0















I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:



[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes

[myshare]
path = /myshare/
browsable =yes
write list=@mygroup
writable = yes
read only = yes
# below are 3 attempts to allow my group
valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"


When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.



My samba log file is:



# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
[2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[myshare]"
[2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)


It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf valid users section, or @"Domain Users" I can access the share with no problem. So, how do I specify only one AD group?










share|improve this question



























    0















    I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:



    [global]
    workgroup = MYDOMAIN
    client signing = yes
    client use spnego = yes
    kerberos method = secrets and keytab
    realm = MYDOMAIN.LOCAL.FQDN
    security = ads
    log file = /var/log/samba/log.%m
    log level =3
    passdb backend = tdbsam
    encrypt passwords = yes

    [myshare]
    path = /myshare/
    browsable =yes
    write list=@mygroup
    writable = yes
    read only = yes
    # below are 3 attempts to allow my group
    valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"


    When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.



    My samba log file is:



    # cat /var/log/samba/log.192.168.15.123
    [2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
    init_oplocks: initializing messages.
    [2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
    Transaction 0 of length 159 (0 toread)
    [2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
    switch message SMBnegprot (pid 34286) conn 0x0
    [2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [PC NETWORK PROGRAM 1.0]
    [2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [LANMAN1.0]
    [2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [Windows for Workgroups 3.1a]
    [2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [LM1.2X002]
    [2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [LANMAN2.1]
    [2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [NT LM 0.12]
    [2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [SMB 2.002]
    [2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
    Requested protocol [SMB 2.???]
    [2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
    Selected protocol SMB2_FF
    [2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
    Selected protocol SMB 2.???
    [2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
    Selected protocol SMB3_11
    [2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
    Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
    [2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
    Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
    [2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
    lp_load_ex: refreshing parameters
    [2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
    Initialising global parameters
    [2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
    Processing section "[global]"
    [2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
    Processing section "[myshare]"
    [2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
    adding IPC service
    [2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
    idmap range not specified for domain '*'
    [2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
    Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
    [2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
    Connect path is '/tmp' for service [IPC$]
    [2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
    Initialising default vfs hooks
    [2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
    Initialising custom vfs hooks from [/[Default VFS]/]
    [2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
    192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
    [2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
    get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
    [2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
    [2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
    Allowed connection from 192.168.15.123 (192.168.15.123)
    [2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
    [2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mygroup is not in a valid format
    [2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
    string_to_sid: SID @mydomainmygroup is not in a valid format
    [2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
    user 'myuser' (from session setup) not permitted to access this share (myshare)
    [2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
    create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
    [2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
    smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
    [2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
    192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
    [2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
    Server exit (NT_STATUS_CONNECTION_RESET)


    It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf valid users section, or @"Domain Users" I can access the share with no problem. So, how do I specify only one AD group?










    share|improve this question

























      0












      0








      0








      I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:



      [global]
      workgroup = MYDOMAIN
      client signing = yes
      client use spnego = yes
      kerberos method = secrets and keytab
      realm = MYDOMAIN.LOCAL.FQDN
      security = ads
      log file = /var/log/samba/log.%m
      log level =3
      passdb backend = tdbsam
      encrypt passwords = yes

      [myshare]
      path = /myshare/
      browsable =yes
      write list=@mygroup
      writable = yes
      read only = yes
      # below are 3 attempts to allow my group
      valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"


      When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.



      My samba log file is:



      # cat /var/log/samba/log.192.168.15.123
      [2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
      init_oplocks: initializing messages.
      [2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
      Transaction 0 of length 159 (0 toread)
      [2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
      switch message SMBnegprot (pid 34286) conn 0x0
      [2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [PC NETWORK PROGRAM 1.0]
      [2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LANMAN1.0]
      [2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [Windows for Workgroups 3.1a]
      [2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LM1.2X002]
      [2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LANMAN2.1]
      [2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [NT LM 0.12]
      [2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [SMB 2.002]
      [2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [SMB 2.???]
      [2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
      Selected protocol SMB2_FF
      [2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
      Selected protocol SMB 2.???
      [2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
      Selected protocol SMB3_11
      [2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
      Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
      [2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
      Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
      [2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
      lp_load_ex: refreshing parameters
      [2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
      Initialising global parameters
      [2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
      Processing section "[global]"
      [2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
      Processing section "[myshare]"
      [2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
      adding IPC service
      [2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
      idmap range not specified for domain '*'
      [2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
      Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
      [2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
      Connect path is '/tmp' for service [IPC$]
      [2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
      Initialising default vfs hooks
      [2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
      Initialising custom vfs hooks from [/[Default VFS]/]
      [2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
      192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
      [2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
      192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
      [2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
      Server exit (NT_STATUS_CONNECTION_RESET)


      It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf valid users section, or @"Domain Users" I can access the share with no problem. So, how do I specify only one AD group?










      share|improve this question














      I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:



      [global]
      workgroup = MYDOMAIN
      client signing = yes
      client use spnego = yes
      kerberos method = secrets and keytab
      realm = MYDOMAIN.LOCAL.FQDN
      security = ads
      log file = /var/log/samba/log.%m
      log level =3
      passdb backend = tdbsam
      encrypt passwords = yes

      [myshare]
      path = /myshare/
      browsable =yes
      write list=@mygroup
      writable = yes
      read only = yes
      # below are 3 attempts to allow my group
      valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"


      When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.



      My samba log file is:



      # cat /var/log/samba/log.192.168.15.123
      [2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
      init_oplocks: initializing messages.
      [2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
      Transaction 0 of length 159 (0 toread)
      [2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
      switch message SMBnegprot (pid 34286) conn 0x0
      [2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [PC NETWORK PROGRAM 1.0]
      [2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LANMAN1.0]
      [2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [Windows for Workgroups 3.1a]
      [2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LM1.2X002]
      [2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [LANMAN2.1]
      [2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [NT LM 0.12]
      [2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [SMB 2.002]
      [2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
      Requested protocol [SMB 2.???]
      [2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
      Selected protocol SMB2_FF
      [2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
      Selected protocol SMB 2.???
      [2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
      Selected protocol SMB3_11
      [2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
      Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
      [2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
      Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
      [2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
      lp_load_ex: refreshing parameters
      [2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
      Initialising global parameters
      [2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
      Processing section "[global]"
      [2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
      Processing section "[myshare]"
      [2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
      adding IPC service
      [2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
      idmap range not specified for domain '*'
      [2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
      Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
      [2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
      Connect path is '/tmp' for service [IPC$]
      [2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
      Initialising default vfs hooks
      [2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
      Initialising custom vfs hooks from [/[Default VFS]/]
      [2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
      192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
      [2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
      get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
      [2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
      [2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
      Allowed connection from 192.168.15.123 (192.168.15.123)
      [2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
      [2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mygroup is not in a valid format
      [2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
      string_to_sid: SID @mydomainmygroup is not in a valid format
      [2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
      user 'myuser' (from session setup) not permitted to access this share (myshare)
      [2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
      create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
      [2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
      smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
      [2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
      192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
      [2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
      Server exit (NT_STATUS_CONNECTION_RESET)


      It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf valid users section, or @"Domain Users" I can access the share with no problem. So, how do I specify only one AD group?







      samba cifs active-directory smb sssd






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 3 hours ago









      Adriano_epifasAdriano_epifas

      82




      82






















          0






          active

          oldest

          votes











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "106"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503002%2fsamba-share-is-not-accessible-for-ad-groups%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes
















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503002%2fsamba-share-is-not-accessible-for-ad-groups%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Loup dans la culture

          How to solve the problem of ntp “Unable to contact time server” from KDE?

          ASUS Zenbook UX433/UX333 — Configure Touchpad-embedded numpad on Linux