Wolf on Air
2003-Apr-20 13:29 UTC
[Samba] How I got Samba 2.2.8a to run on OpenBSD 3.2 i386
First of all, GREAT WORK! I now have my very own Windoze domain thanks to Samba :) Now, getting Samba to work fully on OpenBSD was harder than I thought it would be.

To get smbd to compile somewhat cleanly, I had to hack ./source/include/config.h thusly: remove USE_SETREUID, add USE_SETEUID. Then, I hacked sec_ctx.c like the attached diff shows, to get rid of some assert_gid panic when changing passwords from Windoze. Stuff seems to work this way, so I'm happy. Suggestion: add a #if #endif block for this or something.

Furthermore I had to add a SRV DNS record as shown in lan.zone to get a WinXP client to "see" the PDC. There's a bit of a problem there: it joins, reboots, I can log in, then I log out, try to log in again, and immediately get some stupid error about not finding the PDC, which is bullshit considering what really happened is it talked to it and didn't get what it expected... And that's that. I log in locally, re-join, reboot, repeat ad absurdum. Without the SRV record it would just not find the PDC at all. Yes, I've applied the SignOrSeal registry hack. No, it does not help. Service Pack 1a if that means anything.

Anyway. Then I wrote two perl scripts for user management:

smbadduser - adds users dynamically (please use this only as shown in attached smb.conf! logging is really necessary, considering the program's non-quality)

smbchpasswd - quick 'passwd' drop-in (not used in attached smb.conf since I have since hacked the original 'passwd' to use getuid instead of getlogin or something like that... STFW on 'openbsd passwd "who are you"' to figure out what to do if you want to fix it yourself. Attached smb.conf shows how to chat with a fixed 'passwd' program.)

Use smbchpasswd with:

passwd program = /usr/local/bin/smbchpasswd %u
passwd chat = new-pass %n\n pwd-ok

Or at least I think that chat line is correct... YMMV. I might have forgotten a newline.

As a little easter egg, check the 'message command' setting.
Message echoing :) - Samuel "Wolf on Air" Ljungkvist -------------- next part -------------- --- sec_ctx.c Sun Apr 20 03:10:59 2003 +++ sec_ctx.c~ Sun Apr 20 03:09:00 2003 @@ -145,10 +145,10 @@ /* this looks a little strange, but is needed to cope with systems that put the current egid in the group list - returned from getgroups() (tridge) + returned from getgroups() (tridge) */ save_re_gid(); set_effective_gid(gid); - setgid(gid);*/ + setgid(gid); ngroups = sys_getgroups(0,&grp); if (ngroups <= 0) { @@ -164,7 +164,7 @@ goto fail; } - //restore_re_gid(); + restore_re_gid(); (*p_ngroups) = ngroups; (*p_groups) = groups; 
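Review bot: in the @@ -145,10 +145,10 @@ hunk the comment terminator moves from after `returned from getgroups() (tridge)` to after `setgid(gid);`, so `save_re_gid();`, `set_effective_gid(gid);` and `setgid(gid);` are all swallowed by the /* ... */ block and `sys_getgroups()` then runs with the caller's egid, which is the very case the comment says this code exists to handle. If only one of those calls trips the assert_gid panic, disable just that one, and put it under the #if/#endif the post itself suggests rather than stretching a comment over three statements. Also note the file headers are the wrong way round: `--- sec_ctx.c` is the edited file and `+++ sec_ctx.c~` is the pristine backup, so feeding this to patch(1) would undo the change; regenerate it as `diff -u sec_ctx.c~ sec_ctx.c`.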
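Review bot: in the @@ -164,7 +164,7 @@ hunk `restore_re_gid();` becomes `//restore_re_gid();`, and the same happens at `fail:` in the following hunk, so the saved gids are never restored on either path. That is consistent only because `save_re_gid()` is also disabled in the first hunk, so the four edits have to be applied or reverted together, which is one more reason to wrap all of them in a single #ifdef. Prefer `#if 0` ... `#endif` over `//` for disabling a call here; the surrounding code uses /* */ comments.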
@@ -179,7 +179,7 @@ fail: SAFE_FREE(groups); - //restore_re_gid(); + restore_re_gid(); return -1; } -------------- next part --------------
#!/usr/bin/perl -W
# smbadduser - create a locked Unix account for a new Samba domain user.
# Run by smbd through "add user script"; log its output as smb.conf shows.
use strict;
use Fcntl qw(:DEFAULT :flock);

my $pwd_mkdb      = "/usr/sbin/pwd_mkdb";
my $master_passwd = "/etc/master.passwd";

umask(077);
die "You are not root!\n" if $<;

my $newname = pop(@ARGV);
exit if !defined $newname;
print scalar localtime() . " - $0 $newname\n";

# smbd passes the name straight from the client; refuse anything that
# could inject extra fields or lines into master.passwd.
die "Invalid user name '$newname'!\n"
    unless $newname =~ /^[a-zA-Z_][a-zA-Z0-9._-]{0,31}$/;
die "$newname already exists!\n" if ($newname eq "root" || getpwnam($newname));

# -c only checks the file; bail out before touching a broken master.passwd
system($pwd_mkdb, '-p', '-c', $master_passwd);
die "Invalid $master_passwd - cannot add any users!\n" if $?;

my $newuid;
for ($newuid = 10000; $newuid < 32767; ++$newuid) {
    last if !getpwuid($newuid);
}
die "No free UID!\n" if ($newuid >= 32767); # doesn't happen

open(MPW, ">> $master_passwd") or die "Can't open $master_passwd: $!\n";
flock(MPW, LOCK_EX) or die "Can't lock $master_passwd!\n";
# name:pw:uid:gid:class:change:expire:gecos:home:shell - locked, no shell
print MPW "$newname:*:$newuid:32767::0:0::/dev/null:/sbin/nologin\n";
flock(MPW, LOCK_UN);
close MPW;

# -u rebuilds only this user's entry in the password databases
system($pwd_mkdb, '-p', '-u', $newname, $master_passwd);
die "pwd_mkdb failed!" if $?;
-------------- next part --------------
#!/usr/bin/perl -W
# smbchpasswd - 'passwd' drop-in driven by smbd's "passwd chat": print the
# prompt, read the new password on stdin, replace the user's hash in
# master.passwd and print the confirmation.
use strict;
use Fcntl qw(:DEFAULT :flock);
use IPC::Open2;

my $pwd_mkdb      = "/usr/sbin/pwd_mkdb";
my $passwd_tmp    = "/etc/ptmp";
my $master_passwd = "/etc/master.passwd";

umask(077);
$| = 1;                 # the prompt must reach smbd before we block on stdin
exit 1 if $<;
my $username = pop(@ARGV);
exit 1 if !defined $username;
exit 1 unless $username =~ /^[a-zA-Z_][a-zA-Z0-9._-]{0,31}$/;
getpwnam($username) or exit 1;

system($pwd_mkdb, '-c', $master_passwd);
exit 1 if $?;

print "new-pwd";        # must match the first expect token of "passwd chat"
my $newpwd = <STDIN>;
exit 1 if !defined $newpwd;
chomp($newpwd);

# /etc/ptmp is the lock file vipw/chpass use; O_EXCL fails if someone holds it
sysopen(NEW_PW, $passwd_tmp, O_WRONLY|O_CREAT|O_EXCL|O_NONBLOCK|O_SHLOCK, 0600)
    or exit 1;
open(OLD_PW, "< $master_passwd") or do { unlink $passwd_tmp; exit 1 };
while (<OLD_PW>) {
    my @user = split(/:/, $_, -1);   # -1 keeps trailing empty fields
    if ($user[0] eq $username) {
        $user[1] = encrypt($newpwd);
    }
    print NEW_PW join(':', @user);
}
close OLD_PW;
close NEW_PW;           # flush before pwd_mkdb reads the file

# pwd_mkdb rebuilds this user's db entry and installs the file as master.passwd
system($pwd_mkdb, '-p', '-u', $username, $passwd_tmp);
if ($?) {
    unlink $passwd_tmp;
    exit 1;
}
unlink $passwd_tmp;     # harmless if pwd_mkdb already moved it into place
print "pwd-ok";

sub encrypt {
    my ($passwd) = @_;  # was $_, i.e. the current master.passwd line
    my $pid = open2(\*ENCRD, \*ENCWR, "/usr/bin/encrypt");
    print ENCWR "$passwd\n";
    close ENCWR;
    my $hash = <ENCRD>;
    close ENCRD;
    waitpid($pid, 0);
    die "encrypt failed" if ($? != 0 || !defined $hash);
    chomp $hash;
    return $hash;
}
-------------- next part --------------
# Global parameters
[global]
    workgroup = LAN
    netbios name = ROUTER
    server string =
    interfaces = lo0 ne4
    bind interfaces only = Yes
    encrypt passwords = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = Changing\s*\spassword\sfor\s%u.\nNew\spassword: %n\n \nRetype\snew\spassword: %n\n \n
    min passwd length = 6
    unix password sync = Yes
    syslog only = Yes
    max log size = 0
    time server = Yes
    load printers = No
    disable spoolss = Yes
    show add printer wizard = No
    mangling method = hash2
    domain admin group = root @wheel
    domain guest group = nobody @nobody
    add user script = /usr/local/bin/smbadduser '%u' >>/var/log/smbadduser
    delete user script = /usr/bin/yes|/usr/sbin/rmuser '%u'
    logon script = logon.cmd
    logon drive = Z:
    logon home = \\%N\%U\profile
    domain logons = Yes
    os level = 64
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    message command = /usr/local/bin/smbclient -M '%f' -U '%t' -I '%I'<%s;rm %s&
    write list = root
    map archive = No
    csc policy = disable

[netlogon]
    path = /etc/samba/netlogon
    browseable = No

[homes]
    read only = No
    browseable = No
-------------- next part --------------
@                       IN  SOA  lan.triplefusion.net. hostmaster.lan.triplefusion.net. (
                                 2003041203 28800 7200 604800 86400 )
                        IN  NS   router
                        IN  MX   0 router
krb4-realm              IN  TXT  "#lan.triplefusion.net"
krb5-realm              IN  TXT  "#lan.triplefusion.net"
_kerberos               IN  TXT  "#lan.triplefusion.net"
_ldap._tcp.dc._msdcs    IN  SRV  0 0 389 router
localhost               IN  A    127.0.0.1
router                  IN  A    10.0.0.1
woa                     IN  A    10.0.0.2
maria                   IN  A    10.0.0.3
laptop                  IN  A    10.0.0.4
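The post leaves two doubts open about the "passwd chat" line: the chat expects "new-pass" while the attached smbchpasswd prints "new-pwd", and the author is not sure the "\n" after %n is there. The following is an added example, not code from the post or from Samba: a small driver that models smbd's expect/send loop (an assumption, simplified: whitespace-separated tokens alternate expect and send, %n expands to the new password, a literal \n in a token is a newline, and an expect token matches when the program's output so far ends with it, glob wildcards allowed) and runs it against a constructed mock of the password program that prints "new-pwd", reads one line from stdin and prints "pwd-ok". It shows that a mismatched expect token and a missing trailing newline both fail the same way: the chat never sees the next expected string and times out.

```python
"""Simulate smbd's "passwd chat" against a mock passwd program (added example)."""
import fnmatch
import os
import select
import subprocess
import sys
import tempfile
import time

# Constructed stand-in for the post's smbchpasswd: prompt, read one line,
# confirm.  Written to a temp file so the example runs stand-alone.
MOCK_PASSWD = r'''
import sys
sys.stdout.write("new-pwd")          # prompt, no trailing newline
sys.stdout.flush()
line = sys.stdin.readline()          # blocks until a newline (or EOF) arrives
if not line.endswith("\n"):
    sys.exit(1)
sys.stdout.write("pwd-ok")
sys.stdout.flush()
'''


def _expect(proc, buf, pattern, timeout):
    """Read the program's output until it ends with pattern or timeout passes."""
    fd = proc.stdout.fileno()
    deadline = time.monotonic() + timeout
    while not fnmatch.fnmatchcase(buf.strip(), "*" + pattern):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return buf, False
        ready, _, _ = select.select([fd], [], [], remaining)
        if not ready:
            return buf, False
        chunk = os.read(fd, 4096)
        if not chunk:                    # program exited before the prompt appeared
            return buf, False
        buf += chunk.decode("utf-8", "replace")
    return buf, True


def run_chat(chat, password, timeout=1.5):
    """Drive the mock program through `chat`, a 'passwd chat' value.

    Returns (ok, reason).  ok is False when an expect token never shows up
    in time, which is the condition smbd reports as a failed password change.
    """
    tokens = chat.split()
    with tempfile.NamedTemporaryFile("w", suffix=".py", delete=False) as f:
        f.write(MOCK_PASSWD)
        path = f.name
    proc = subprocess.Popen([sys.executable, path], stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    buf = ""
    try:
        for i, token in enumerate(tokens):
            # %n is the new password; a literal \n in the token is a newline
            text = token.replace("%n", password).replace("\\n", "\n")
            if i % 2 == 0:                                   # expect
                buf, ok = _expect(proc, buf, text, timeout)
                if not ok:
                    return False, "timed out waiting for %r, got %r" % (text, buf)
            else:                                            # send
                proc.stdin.write(text.encode())
                proc.stdin.flush()
        proc.stdin.close()
        return proc.wait(timeout=timeout) == 0, "chat completed"
    except (BrokenPipeError, subprocess.TimeoutExpired) as exc:
        return False, type(exc).__name__
    finally:
        if proc.poll() is None:          # still blocked on stdin: kill it
            proc.kill()
            proc.wait()
        os.unlink(path)


if __name__ == "__main__":
    for chat in (r"new-pwd %n\n pwd-ok",    # prompt and newline both right
                 r"new-pass %n\n pwd-ok",   # prompt mismatch
                 r"new-pwd %n pwd-ok"):     # newline missing after %n
        print("%-24s -> %s" % (chat, run_chat(chat, "s3cret")))
```

Only the first chat completes; with the other two the program either never printed the expected prompt or is still waiting in readline() for a line terminator, so the driver has to kill it. Samba's own matcher is more elaborate than this glob check, so treat the driver as an illustration of the failure modes rather than of smbd's exact behaviour.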