With net/samba34 everything was working properly, I had my FreeBSD system joined as an active directory member server to an existing Windows 2000 active directory domain. I had set up a few shares on this FreeBSD server and it was authenticating client access through Active Directory's user and group permissions.
After upgrading to net/samba36 this stopped functioning. Samba would no longer authenticate a client connection using AD. According to the forum post located at http://forums.freebsd.org/showthread.php?t=13423, something has changed in 3.5/3.6 that prevents this specific feature from functioning.
For example, a share that is not working is defined as follows in /usr/local/etc/smb.conf:
This was working in 3.4 prior to upgrading to 3.6. Windows XP or Windows 7 client computers that were active directory members could access this share as a valid domain user.
After upgrading to 3.6, access is denied with the error:
The logs reveal that Samba is attempting to look up a user permission and doesn't check group permissions (/var/log/samba/log.home-2fbd51e957):
I have no problem downgrading to net/samba34, but that port is no longer available. What can be done?
After upgrading to net/samba36 this stopped functioning. Samba would no longer authenticate a client connection using AD. According to the forum post located at http://forums.freebsd.org/showthread.php?t=13423, something has changed in 3.5/3.6 that prevents this specific feature from functioning.
For example, a share that is not working is defined as follows in /usr/local/etc/smb.conf:
Code:
[web]
writeable = yes
path = /usr/local/www
write list = @"HOME\Domain Users"
force group = wheel
force user = root
comment = Default Website
valid users = @"HOME\Domain Users"
user = @"HOME\Domain Users"This was working in 3.4 prior to upgrading to 3.6. Windows XP or Windows 7 client computers that were active directory members could access this share as a valid domain user.
After upgrading to 3.6, access is denied with the error:
Code:
NT_STATUS_ACCESS_DENIEDThe logs reveal that Samba is attempting to look up a user permission and doesn't check group permissions (/var/log/samba/log.home-2fbd51e957):
Code:
[2013/08/05 22:07:46.639636, 5] lib/username.c:149(Get_Pwnam_internals)
Get_Pwnam_internals didn't find user [Domain Users]!
[2013/08/05 22:07:46.640189, 5] smbd/share_access.c:120(token_contains_name)
lookup_name HOME\Domain Users failed
[2013/08/05 22:07:46.640204, 10] smbd/share_access.c:219(user_ok_token)
User daniel not in 'valid users'
[2013/08/05 22:07:46.640215, 2] smbd/service.c:627(create_connection_session_info)
user 'daniel' (from session setup) not permitted to access this share (web)I have no problem downgrading to net/samba34, but that port is no longer available. What can be done?
