Samba: share is not accessible for AD groups
I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:
[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes
[myshare]
path = /myshare/
browsable =yes
write list=@mygroup
writable = yes
read only = yes
# below are 3 attempts to allow my group
valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"
When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.
My samba log file is:
# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
[2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[myshare]"
[2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf
valid users section, or @"Domain Users"
I can access the share with no problem. So, how do I specify only one AD group?
samba cifs active-directory smb sssd
add a comment |
I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:
[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes
[myshare]
path = /myshare/
browsable =yes
write list=@mygroup
writable = yes
read only = yes
# below are 3 attempts to allow my group
valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"
When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.
My samba log file is:
# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
[2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[myshare]"
[2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf
valid users section, or @"Domain Users"
I can access the share with no problem. So, how do I specify only one AD group?
samba cifs active-directory smb sssd
add a comment |
I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:
[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes
[myshare]
path = /myshare/
browsable =yes
write list=@mygroup
writable = yes
read only = yes
# below are 3 attempts to allow my group
valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"
When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.
My samba log file is:
# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
[2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[myshare]"
[2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf
valid users section, or @"Domain Users"
I can access the share with no problem. So, how do I specify only one AD group?
samba cifs active-directory smb sssd
I have a CentOS server joined to an ID domain with realm(8) using sssd(8). I don´t have winbind installed, though. I can log fine with AD domain users into this CentOS server. I set up samba shares in that server to try to serve files to users in the domain: I tried many configs for samba, my last one is this:
[global]
workgroup = MYDOMAIN
client signing = yes
client use spnego = yes
kerberos method = secrets and keytab
realm = MYDOMAIN.LOCAL.FQDN
security = ads
log file = /var/log/samba/log.%m
log level =3
passdb backend = tdbsam
encrypt passwords = yes
[myshare]
path = /myshare/
browsable =yes
write list=@mygroup
writable = yes
read only = yes
# below are 3 attempts to allow my group
valid users=@"mygroup@mydomain.local.fqdn" @"mygroup" @"mydomainmygroup"
When I go to a Windows 10 PC, I access myCentOSserver and it opens the server list of shares, with myshare there. When I double click it, it gives me the pop-up saying my login failed and asks for username and password, but I´m already logged as a user member of this mygroup AD group.
My samba log file is:
# cat /var/log/samba/log.192.168.15.123
[2019/02/25 18:25:13.655237, 3] ../source3/smbd/oplock.c:1340(init_oplocks)
init_oplocks: initializing messages.
[2019/02/25 18:25:13.655467, 3] ../source3/smbd/process.c:1958(process_smb)
Transaction 0 of length 159 (0 toread)
[2019/02/25 18:25:13.655511, 3] ../source3/smbd/process.c:1538(switch_message)
switch message SMBnegprot (pid 34286) conn 0x0
[2019/02/25 18:25:13.657361, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [PC NETWORK PROGRAM 1.0]
[2019/02/25 18:25:13.657416, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN1.0]
[2019/02/25 18:25:13.657442, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [Windows for Workgroups 3.1a]
[2019/02/25 18:25:13.657465, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LM1.2X002]
[2019/02/25 18:25:13.657488, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [LANMAN2.1]
[2019/02/25 18:25:13.657511, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [NT LM 0.12]
[2019/02/25 18:25:13.657534, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.002]
[2019/02/25 18:25:13.657580, 3] ../source3/smbd/negprot.c:628(reply_negprot)
Requested protocol [SMB 2.???]
[2019/02/25 18:25:13.657823, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB2_FF
[2019/02/25 18:25:13.660341, 3] ../source3/smbd/negprot.c:761(reply_negprot)
Selected protocol SMB 2.???
[2019/02/25 18:25:13.663491, 3] ../source3/smbd/smb2_negprot.c:294(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2019/02/25 18:25:13.676251, 3] ../auth/kerberos/kerberos_pac.c:413(kerberos_decode_pac)
Found account name from PAC: Adriano.Pinaffo [PINAFFO, Adriano]
[2019/02/25 18:25:13.676326, 3] ../source3/auth/user_krb5.c:51(get_user_from_kerberos_info)
Kerberos ticket principal name is [myuser@mydomain.local.fqdn]
[2019/02/25 18:25:13.678238, 3] ../source3/param/loadparm.c:3868(lp_load_ex)
lp_load_ex: refreshing parameters
[2019/02/25 18:25:13.678398, 3] ../source3/param/loadparm.c:547(init_globals)
Initialising global parameters
[2019/02/25 18:25:13.678599, 3] ../source3/param/loadparm.c:2782(lp_do_section)
Processing section "[global]"
[2019/02/25 18:25:13.678774, 2] ../source3/param/loadparm.c:2799(lp_do_section)
Processing section "[myshare]"
[2019/02/25 18:25:13.678971, 3] ../source3/param/loadparm.c:1617(lp_add_ipc)
adding IPC service
[2019/02/25 18:25:13.679817, 1] ../source3/param/loadparm.c:2488(lp_idmap_range)
idmap range not specified for domain '*'
[2019/02/25 18:25:13.680644, 3] ../source3/smbd/password.c:144(register_homes_share)
Adding homes service for user 'myuser' using home directory: '/home/mydomain.local.fqdn/myuser'
[2019/02/25 18:25:13.685042, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.685174, 3] ../source3/smbd/service.c:595(make_connection_snum)
Connect path is '/tmp' for service [IPC$]
[2019/02/25 18:25:13.685247, 3] ../source3/smbd/vfs.c:113(vfs_init_default)
Initialising default vfs hooks
[2019/02/25 18:25:13.685297, 3] ../source3/smbd/vfs.c:139(vfs_init_custom)
Initialising custom vfs hooks from [/[Default VFS]/]
[2019/02/25 18:25:13.685493, 3] ../source3/smbd/service.c:841(make_connection_snum)
192.168.15.123 (ipv4:192.168.15.123:2551) connect to service IPC$ initially as user myuser (uid=1953615494, gid=1953600513) (pid 34286)
[2019/02/25 18:25:13.688823, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.688886, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.689039, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.689094, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.692620, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.692717, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.695607, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.700832, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.702335, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.702388, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.702462, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.705850, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.705939, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.709969, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.714254, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.715363, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.715434, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.715538, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.719135, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719220, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.719399, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.719458, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.722522, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.722632, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.725278, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.729162, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.730606, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.730700, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.730803, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.734060, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.734146, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.737530, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.743056, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.745052, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.745105, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.745176, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.749224, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.749304, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.752605, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.752686, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.755528, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.760950, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.762243, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.762293, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.762362, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.765697, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.765791, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.768600, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.773398, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.774735, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.774806, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.774926, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:13.779205, 3] ../source3/smbd/msdfs.c:1008(get_referred_path)
get_referred_path: |myshare| in dfs path mycentosservermyshare is not a dfs root.
[2019/02/25 18:25:13.779280, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_NOT_FOUND] || at ../source3/smbd/smb2_ioctl.c:312
[2019/02/25 18:25:13.783652, 3] ../lib/util/access.c:365(allow_access)
Allowed connection from 192.168.15.123 (192.168.15.123)
[2019/02/25 18:25:13.783720, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup@mydomain.local.fqdn is not in a valid format
[2019/02/25 18:25:13.786662, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mygroup is not in a valid format
[2019/02/25 18:25:13.792866, 3] ../libcli/security/dom_sid.c:210(dom_sid_parse_endp)
string_to_sid: SID @mydomainmygroup is not in a valid format
[2019/02/25 18:25:13.794993, 2] ../source3/smbd/service.c:349(create_connection_session_info)
user 'myuser' (from session setup) not permitted to access this share (myshare)
[2019/02/25 18:25:13.795046, 1] ../source3/smbd/service.c:521(make_connection_snum)
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
[2019/02/25 18:25:13.795318, 3] ../source3/smbd/smb2_server.c:3171(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_ACCESS_DENIED] || at ../source3/smbd/smb2_tcon.c:138
[2019/02/25 18:25:24.362427, 3] ../source3/smbd/service.c:1120(close_cnum)
192.168.15.123 (ipv4:192.168.15.123:2551) closed connection to service IPC$
[2019/02/25 18:25:24.368723, 3] ../source3/smbd/server_exit.c:236(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
It said for the 3 attempts to use an AD group it is not in a valid format. Now, if I put my username directly (no "@" sign) in the smb.conf
valid users section, or @"Domain Users"
I can access the share with no problem. So, how do I specify only one AD group?
samba cifs active-directory smb sssd
samba cifs active-directory smb sssd
asked 3 hours ago
Adriano_epifasAdriano_epifas
82
82
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "106"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503002%2fsamba-share-is-not-accessible-for-ad-groups%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f503002%2fsamba-share-is-not-accessible-for-ad-groups%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown