L.P.H. van Belle
2018-Sep-26 09:20 UTC
[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Hai marco,> > I'm simply asking why the behaviour changed between 4.5 and 4.8... >This somewhere started in 4.6. These changes where needed due to security leaks. See: https://www.samba.org/samba/history/security.html 24 May 2017 and up. If i could make it better for you i would, but it is as it is. Greetz, Louis
Marco Gaiarin
2018-Sep-28 15:03 UTC
[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
Mandi! L.P.H. van Belle via samba In chel di` si favelave... Ahem, i come back here.> > I'm simply asking why the behaviour changed between 4.5 and 4.8... > This somewhere started in 4.6. > These changes where needed due to security leaks. > See: > https://www.samba.org/samba/history/security.html > 24 May 2017 and up.I've read all security announcments from 24 May 2017 and up, but found nothing that seems me relevant (eg, found nothing abount guest access, user mapping, default domain or something like these).> If i could make it better for you i would, but it is as it is.And really still i don't understood why 'winbind use default domain = yes' could not apply only to 'current' domain (eg workgroup = LNFFVG), as, seems to me, say the manpage (and as was before). -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.lanostrafamiglia.it/ Polo FVG - Via della Bontà , 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000 (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
L.P.H. van Belle
2018-Sep-28 15:17 UTC
[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Marco Gaiarin via samba > Verzonden: vrijdag 28 september 2018 17:04 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] DM: samba 4.5 -> 4.8, guest access and > machine account access troubles. > > Mandi! L.P.H. van Belle via samba > In chel di` si favelave... > > Ahem, i come back here. > > > > I'm simply asking why the behaviour changed between 4.5 and 4.8... > > This somewhere started in 4.6. > > These changes where needed due to security leaks. > > See: > > https://www.samba.org/samba/history/security.html > > 24 May 2017 and up. > > I've read all security announcments from 24 May 2017 and up, but found > nothing that seems me relevant (eg, found nothing abount guest access, > user mapping, default domain or something like these).Ow, but i did mean almost all these CVE are related. There where just to many things to lookup and go through all the code changes. There was also a problem with mapping DOMIN\user to user Its just to many to go through all these changes... Maybe Rowland memory is better here..> > > > If i could make it better for you i would, but it is as it is. > > And really still i don't understood why 'winbind use default > domain = yes' > could not apply only to 'current' domain (eg workgroup = LNFFVG), as, > seems to me, say the manpage (and as was before).This, i dont know, but its weekend now and my brains are powering off.. Only 2 people left in the office here... Im closing now ... I'll have a good look after the weekend, if nobody else got you an decent answer. Greetz, Louis
Rowland Penny
2018-Sep-28 15:45 UTC
[Samba] DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
On Fri, 28 Sep 2018 17:17:38 +0200 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:> > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Marco Gaiarin via samba > > Verzonden: vrijdag 28 september 2018 17:04 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] DM: samba 4.5 -> 4.8, guest access and > > machine account access troubles. > > > > Mandi! L.P.H. van Belle via samba > > In chel di` si favelave... > > > > Ahem, i come back here. > > > > > > I'm simply asking why the behaviour changed between 4.5 and > > > > 4.8... > > > This somewhere started in 4.6. > > > These changes where needed due to security leaks. > > > See: > > > https://www.samba.org/samba/history/security.html > > > 24 May 2017 and up. > > > > I've read all security announcments from 24 May 2017 and up, but > > found nothing that seems me relevant (eg, found nothing abount > > guest access, user mapping, default domain or something like these). > > Ow, but i did mean almost all these CVE are related. > There where just to many things to lookup and go through all the code > changes. > > There was also a problem with mapping DOMIN\user to user > Its just to many to go through all these changes... > Maybe Rowland memory is better here..No, but what I do know is this, you should not use guest access on a domain member, Windows turns it off by default. Also 'Guest' doesn't exist on a Unix domain member, you would have to map it to the Unix domain user 'nobody'> > > > > > > > > If i could make it better for you i would, but it is as it is. > > > > And really still i don't understood why 'winbind use default > > domain = yes' > > could not apply only to 'current' domain (eg workgroup = LNFFVG), > > as, seems to me, say the manpage (and as was before). > > This, i dont know,Neither do I, mostly because I don't understand what the OP is trying to say ;-) I will try to explain how it is supposed to work and why you should only use it on a Unix domain member with one 'DOMAIN' If you have 'winbind use default domain = yes' in smb.conf, winbind will basically just strip off the leading 'DOMAIN\' from user and group names. so the user 'DOMAIN\fred' will become 'fred'. Okay so far ? Now, if you have two domains in smb.conf 'DOMAINA' & 'DOMAINB' and there is a user called 'fred' in both domains and you have 'winbind use default domain = yes', you will end up with two users called 'fred'. Rowland>but its weekend now and my brains are powering > off.. Only 2 people left in the office here... Im closing now ... > > I'll have a good look after the weekend, if nobody else got you an > decent answer. > > Greetz, > > Louis > > > >
Reasonably Related Threads
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.
- DM: samba 4.5 -> 4.8, guest access and machine account access troubles.