Samba 2.2.3a on OS-X 10.2.6 Trying to get a standalone server up and running with user level security. All the users have valid accounts and passwords, but we've enabled password sync and password chat and chat debug for the accounts as we don't do authentication against the active directory. unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat debug = yes passwd chat = *ew*assword* %n\n *etype*ew*assword* %n\n smbpasswd <USERNAME> succesfully changes the smb account, but does not change the unix account. Looking in the log files, after the smbpasswd transaction the following errors appear: [2003/09/24 13:59:49, 10] /SourceCache/samba/samba-26/source/passdb/pdb_smbpasswd.c:pdb_getsampwna m(1344) pdb_getsampwnam: search by name: <USERNAME> [2003/09/24 13:59:49, 10] /SourceCache/samba/samba-26/source/passdb/pdb_smbpasswd.c:startsmbfilepw ent(167) startsmbfilepwent_internal: opening file /var/db/samba/smbpasswd [2003/09/24 13:59:49, 5] /SourceCache/samba/samba-26/source/passdb/pdb_smbpasswd.c:getsmbfilepwen t(436) getsmbfilepwent: returning passwd entry for user <USERNAME>, uid 620 [2003/09/24 13:59:49, 7] /SourceCache/samba/samba-26/source/passdb/pdb_smbpasswd.c:endsmbfilepwen t(256) endsmbfilepwent_internal: closed password file. [2003/09/24 13:59:49, 10] /SourceCache/samba/samba-26/source/passdb/pdb_smbpasswd.c:pdb_getsampwna m(1386) pdb_getsampwnam: found by name: <USERNAME> [2003/09/24 13:59:49, 4] /SourceCache/samba/samba-26/source/lib/substitute.c:automount_server(160 ) Home server: 127.0.0.1 [2003/09/24 13:59:49, 4] /SourceCache/samba/samba-26/source/lib/substitute.c:automount_server(160 ) Home server: 127.0.0.1 [2003/09/24 13:59:49, 3] /SourceCache/samba/samba-26/source/smbd/sec_ctx.c:pop_sec_ctx(421) pop_sec_ctx (99, 99) - sec_ctx_stack_ndx = 0 [2003/09/24 13:59:50, 0] /SourceCache/samba/samba-26/source/lib/fault.c:fault_report(38) ==============================================================[2003/09/24 13:59:50, 0] /SourceCache/samba/samba-26/source/lib/fault.c:fault_report(39) INTERNAL ERROR: Signal 10 in pid 16321 (2.2.3a (build 26)) Please read the file BUGS.txt in the distribution [2003/09/24 13:59:50, 0] /SourceCache/samba/samba-26/source/lib/fault.c:fault_report(41) ============================================================== Where <USERNAME> is the user who is changing their password. No errors are shown in the shell, and the user simply recieves the normal 'Password changed succesfully' message. Any ideas if this built in version of Samba is simply borked? -John John Snowdon - IT Support Specialist -==========================================- Faculty of Medical Sciences Computing Dept School of Medical Education Development University of Newcastle Phone : 0191 245 4230 Email : j.p.snowdon@ncl.ac.uk
On Thu, 2003-09-25 at 18:13, John Snowdon wrote:> Samba 2.2.3a on OS-X 10.2.6> Any ideas if this built in version of Samba is simply borked?Unless it's been patched, at the very least it suffers very serious security holes, and must be upgraded (to 2.2.8a at least). Other than that, apple has played all sorts of fun & games with their 'version' of Samba (intergration with their directory backend), so it could be an issue in there. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20030925/5e892c3c/attachment.bin
I've found that out, much to my annoyance; no rc.d startup, swat is only half useful, restart by a gui app (which resets smb.conf unless you 'chflags' the file before and after editing)... And as you say... integration with 'netinfo' for users and password details, which is a complete pig. I believe smbpasswd does not actually do anything at *all* to the passwords. At least when I've been testing it, changing credentials with it still allows me in with my 'old' details. The only thing it seems to do is create accounts and null the password. The only thing that seems to modify the smb passwords is using Apples 'Accounts' and 'Groups' utilities. Brilliant, just what I want from a server O/S, gui-only configuration. Thanks for pointing it out anyway. John Snowdon - IT Support Specialist -==========================================- Faculty of Medical Sciences Computing Dept School of Medical Education Development University of Newcastle Phone : 0191 245 4230 Email : j.p.snowdon@ncl.ac.uk -----Original Message----- From: Andrew Bartlett [mailto:abartlet@samba.org] Sent: 26 September 2003 00:08 To: John Snowdon Cc: samba@lists.samba.org Subject: Re: [Samba] Smbpasswd + password sync on OS X On Thu, 2003-09-25 at 18:13, John Snowdon wrote:> Samba 2.2.3a on OS-X 10.2.6> Any ideas if this built in version of Samba is simply borked?Unless it's been patched, at the very least it suffers very serious security holes, and must be upgraded (to 2.2.8a at least). Other than that, apple has played all sorts of fun & games with their 'version' of Samba (intergration with their directory backend), so it could be an issue in there. Andrew Bartlett -- Andrew Bartlett abartlet@pcug.org.au Manager, Authentication Subsystems, Samba Team abartlet@samba.org Student Network Administrator, Hawker College abartlet@hawkerc.net http://samba.org http://build.samba.org http://hawkerc.net