Holger Brückner
2003-Jun-03 18:58 UTC
[Samba] password sync program NOT running as user root
Hello *
in my samba installation the unix password sync program is not run as
user root. instead it runs as the user who wants to change the
password:
this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
enabled (no other changes to the debian build script)
# Global parameters
[global]
workgroup = SVFMG
server string = %h server (Samba %v)
obey pam restrictions = Yes
passdb backend = smbpasswd, ldapsam, tdbsam, unixsam
passwd program = /etc/samba/ldapsync.pl -o %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
passwd chat debug = Yes
username map = /etc/samba/usermap
svpdc:/etc/samba# cat /etc/samba/ldapsync.pl
#!/usr/bin/perl -w
$myid = $<;
`echo $myid >> /tmp/ldapsync.debug`;
svpdc:/etc/samba# cat /tmp/ldapsync.debug
1015
1015
1015
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(648)
  ldapsam_search_one_user: searching for:[(&(uid=lorenz)(objectclass=sambaAccount))]
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(1059)
  Entry found for user: lorenz
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=1005))]
[2003/06/03 20:16:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chgpasswd(486)
  Password change for user: lorenz
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chat_with_program(443)
  Dochild for user lorenz (uid=0,gid=0)
[2003/06/03 20:16:40, 0] lib/util_sock.c:read_socket_with_timeout(275)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2003/06/03 20:16:40, 2] smbd/chgpasswd.c:expect(277)
  expect: Input/output error
as you can see it successfully does an ldap lookup for the user account.
samba also states that it will change to uid=0,gid=0. unfortunately that
never seems to happen. the input/output errors are because the test
script doesn't provide the expected output. but the main problem is
that the switch to uid=0 does not happen, which makes it really
difficult to write a secure password change script. (now i'll have to
make the script world executable to be able to change passwords).
any suggestions ?!?
i can provide further logs if you tell me what you need.
greetings from muc
Holger Brueckner
net-labs Systemhaus gmbH
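A diagnostic stand-in for the `passwd program` in the message above, added here as an example and not part of the original thread: it logs both the real and the effective uid/gid to syslog and emits prompts that satisfy the `passwd chat` shown, so the chat does not time out during testing. The `ldapsync-diag` syslog tag, the function names and the prompt wording are assumptions; the script changes no password.

```shell
#!/bin/sh
# Diagnostic stand-in for a Samba "passwd program" (added example, hypothetical).
# It changes no password: it records which ids it was started with and
# speaks the prompts that the passwd chat on this page expects.

# One line with real and effective uid/gid plus the %u argument.
id_report() {
    printf 'user=%s ruid=%s euid=%s rgid=%s egid=%s\n' \
        "$1" "$(id -ru)" "$(id -u)" "$(id -rg)" "$(id -g)"
}

# Emit the prompts in chat order; read the two %n replies without echoing them.
chat_stub() {
    printf 'New password: '
    IFS= read -r _new || return 1
    printf '\nRetype new password: '
    IFS= read -r _again || return 1
    if [ "$_new" = "$_again" ]; then
        printf '\nmodifying password entry (stub, nothing changed)\n'
    else
        printf '\npasswords do not match\n'
        return 1
    fi
}

main() {
    user=
    OPTIND=1
    while getopts o: opt; do
        case $opt in
            o) user=$OPTARG ;;   # matches "-o %u" in the smb.conf above
            *) return 2 ;;
        esac
    done
    # syslog rather than a fixed file in /tmp; the password is never logged
    if command -v logger >/dev/null 2>&1; then
        id_report "$user" | logger -t ldapsync-diag
    fi
    chat_stub
}

# Samba always passes arguments; with none, only the functions are defined.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

The logged `ruid`/`euid` pair can then be compared with the `Dochild for user ... (uid=0,gid=0)` line in the smbd log.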
Andrew Bartlett
2003-Jun-04 00:35 UTC
[Samba] password sync program NOT running as user root
On Wed, 2003-06-04 at 04:58, Holger Brückner wrote:
> Hello *
>
> in my samba installation the unix password sync program is not run as
> user root. instead it runs as the user who wants to change the
> password:
>
> this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
> enabled (no other changes to the debian build script)

You might find 'ldap passwd sync' less painful, and easier to debug.
Samba uses the 'password set' API to directly set the user's password.
You may need to use the patch recently re-posted to samba-technical, if
Debian has moved to OpenLDAP 2.1.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net