some samba shares not working after upgrade

[ikke]

Hi,

I upgraded to 11. After that my samba went somehow broken. I can connect to my home dir, but not to the dirs that are shared among users. When I do this:

$ smbclient -W mynet -U jako //freenas.mynet/folder
Enter MYNET\jako's password:
Domain=[FREENAS] OS=[] Server=[]
tree connect failed: NT_STATUS_INVALID_SID

I get this in log:
[2017/07/13 20:50:21.232187, 2] ../source3/auth/auth.c:305(auth_check_ntlm_password)
check_ntlm_password: authentication for user [jako] -> [jako] -> [jako] succeeded
[2017/07/13 20:50:21.260098, 1] ../source3/auth/server_info.c:415(SamInfo3_handle_sids)
The primary group domain sid(S-1-5-21-842653890-1988264580-1163393349-1001) does not match the domain sid(S-1-5-21-214098893-1875932952-2377866373) for jako(S-1-5-21-214098893-1875932952-2377866373-501)

All my linux machines lost accesses to those accounts. Only one that works is my homedir, which doesn't have user mapping. Any idea what has changed, and how do I fix it?

My share's aux params:

Code:

force group = home
force user = jako
create mask = 666
force create mode = 666
directory mask = 777
force directory mode = 777

 

[ikke]

I found an article which suggested force user -parameter won't work in samba. This caused it. Removing it the share works. Why doesn't it work any longer in samba?

 

[anodos]

I found an article which suggested force user -parameter won't work in samba. This caused it. Removing it the share works. Why doesn't it work any longer in samba?

Post link to the article. The parameter worked the last time I tested it. What version of FreeNAS?

 

[ikke]

Here's the bugzilla for RHEL7: https://bugzilla.redhat.com/show_bug.cgi?id=1135723


I updated FN from 9.10u3 to 11u1

 

[ikke]

OK, so @anodos solved this for me in IRC. There was somehow erroneus SID for user. That was fixed by running /usr/local/bin/fixsid.py. I had to patch it a bit, as it used some non existing nt4 library:

Code:

# diff /usr/local/bin/fixsid.py fixsid.py													
43c43
<		 nt4_enabled
---
>		 #nt4_enabled
48,49c48,50
<			 ldap_enabled() or
<			 nt4_enabled()):
---
>			 ldap_enabled() # or
>			 #nt4_enabled()
>			 ):

That found the erroneus SID, and corrected it into config database.

Another problem was found at the same time, the middleware cut smb4.conf from middle, as there was UTF-8 character in share comment. Anodos said there is fix for it somewhere, but not yet in 11U1.

Thanks a lot Anodos!