Holger Brückner
2003-Jun-03 18:58 UTC
[Samba] password sync program NOT running as user root
Hello *

in my samba installation the unix password sync program is not run as
user root. instead it runs as the user who wants to change the
password:

this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
enabled (no other changes to the debian build script)

# Global parameters
[global]
        workgroup = SVFMG
        server string = %h server (Samba %v)
        obey pam restrictions = Yes
        passdb backend = smbpasswd, ldapsam, tdbsam, unixsam
        passwd program = /etc/samba/ldapsync.pl -o %u
        passwd chat = *New*password* %n\n *Retype*new*password* %n\n *modifying*
        passwd chat debug = Yes
        username map = /etc/samba/usermap

svpdc:/etc/samba# cat /etc/samba/ldapsync.pl
#!/usr/bin/perl -w
$myid = $<;
`echo $myid >> /tmp/ldapsync.debug`;

svpdc:/etc/samba# cat /tmp/ldapsync.debug
1015
1015
1015

[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_user(648)
  ldapsam_search_one_user: searching for:[(&(uid=lorenz)(objectclass=sambaAccount))]
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(1059)
  Entry found for user: lorenz
[2003/06/03 20:16:40, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(2187)
  ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(gidNumber=1005))]
[2003/06/03 20:16:40, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chgpasswd(486)
  Password change for user: lorenz
[2003/06/03 20:16:40, 3] smbd/chgpasswd.c:chat_with_program(443)
  Dochild for user lorenz (uid=0,gid=0)
[2003/06/03 20:16:40, 0] lib/util_sock.c:read_socket_with_timeout(275)
  read_socket_with_timeout: timeout read. read error = Input/output error.
[2003/06/03 20:16:40, 2] smbd/chgpasswd.c:expect(277)
  expect: Input/output error

as you can see it successfully does a ldap lookup for the user account.
samba also states that it will change to uid=0,gid=0. unfortunately that
never seems to happen. the input/output errors are because the test
script doesn't provide the expected output.

but the main problem is that the switch to uid=0 does not happen, which
makes it really difficult to write a secure password change script. (now
i'll have to make the script world executable to be able to change
passwords).

any suggestions ?!? i can provide further logs if you tell me what you
need.

greetings from muc

Holger Brueckner
net-labs Systemhaus gmbH
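An added example, not part of either post and not Samba code: a stand-in passwd program in POSIX sh that emits the prompts the passwd chat above waits for, logs the real and effective uid it runs under, and exits non-zero when it was not started as root. The function names, the LDAPSYNC_LOG variable and the log path are assumptions.

```shell
#!/bin/sh
# Added example: diagnostic stand-in for the thread's 'passwd program'.
# Function names, the log path and LDAPSYNC_LOG are assumptions.

# Log outside /tmp so another local user cannot pre-create the file.
LOG="${LDAPSYNC_LOG:-/var/log/samba/ldapsync.debug}"

# Effective uid of this process; kept in a function so it can be stubbed.
current_euid() { id -u; }

# One log line with real and effective uid. The password is never logged.
log_ids() {
    { printf '%s user=%s uid=%s euid=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$(id -ru)" "$(current_euid)" \
        >>"$LOG"; } 2>/dev/null || true
}

# chat USER: emit the prompts the chat script waits for and read the new
# password twice from stdin, as sent for each "%n\n" in the chat.
#   *New*password*        <- "New password: "
#   *Retype*new*password* <- "Retype new password: "
#   *modifying*           <- "modifying entry for USER"
chat() {
    log_ids "$1"
    printf 'New password: '
    IFS= read -r pw1 || return 2
    printf 'Retype new password: '
    IFS= read -r pw2 || return 2
    [ "$pw1" = "$pw2" ] || { echo 'passwords do not match'; return 3; }
    # Fail closed when the program was not started as root, instead of
    # continuing with the calling user's privileges.
    [ "$(current_euid)" -eq 0 ] || { echo 'not running as root'; return 4; }
    # The real directory update would go here (not implemented).
    echo "modifying entry for $1"
}

# Entry point for: passwd program = /etc/samba/ldapsync.pl -o %u
if [ "${1:-}" = "-o" ] && [ -n "${2:-}" ]; then
    chat "$2"
    exit $?
fi
```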
Andrew Bartlett
2003-Jun-04 00:35 UTC
[Samba] password sync program NOT running as user root
On Wed, 2003-06-04 at 04:58, Holger Brückner wrote:
> Hello *
>
> in my samba installation the unix password sync program is not run as
> user root. instead it runs as the user who wants to change the
> password:
>
> this is a recompiled debian samba_2.999+3.0.alpha23-4 with ldapsam
> enabled (no other changes to the debian build script)

You might find 'ldap passwd sync' less painful, and easier to debug.
Samba uses the 'password set' API to directly set the user's password.

You may need to use the patch recently re-posted to samba-technical, if
debian has moved to OpenLDAP 2.1.

Andrew Bartlett

--
Andrew Bartlett                                 abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet@samba.org
Student Network Administrator, Hawker College   abartlet@hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net