UNIX->smbpasswd synch

David Bannon D.Bannon at latrobe.edu.au
Thu Jun 15 23:11:23 GMT 2000 

At 04:46 AM 16/06/2000 +1000, douglas irvine wrote:
>OK, I setup
>the executable script exactly like your readme says, but I'm getting a
>"smbpasswd must *NOT* be run setuid root"
>
>I can't figure a way around this...Ideas?
>

I have not looked at this new pam_export programme but do remember
something about smbpasswd and this messsage. The background might help
people working on it.

Early versions of the programme smbpasswd were run suid, when Luke (?)
changed that for security reasons he decided to make sure that everyone
realised that it should no longer be suid and put a couple of line in that
detect if it is. Unfortunatly, it also detects when smbpasswd is called by
an other programme that is suid itself !

The code that does the detection is easily found in smbpasswd and disabled,
its not really required now that virtually no one has such an old version
of samba that they would be running smbpasswd as suid.

I had some notes on how to change the source (to allow it to work with a
programme that would write to smbpasswd whenever people changed their unix
passwd). I'll dig it out if anyone wants it.

David






>
>Peter Samuelson wrote:
>
>> [douglas irvine <dci at pitt.edu>]
>> > I'm running samba 2.0.6 on RedHat 6.2--all standard installs. I would
>> > like to be able to have the unix accounts have corresponding samba
>> > accounts, w/ the same passwords.
>>
>> See the following, which I announced here yesterday:
>>
>>   http://peter.cadcamlab.org/misc/pam_pwexport-0.0.tar.gz
>>
>> > or if there is another solution using PAM or somehow else
>> > automatically updating smbpasswd when "passwd" is used on the unix
>> > side--I would greatly appreciate some direction ;)
>>
>> That's exactly what this module does, if you set it up right.  It
>> harvests passwords whenever users type them in (through `login', `ssh',
>> `passwd', `ftp', etc.), and ships them to a designated program or
>> script.  The README includes an example script that uses `smbpasswd' to
>> insert the correct password into your Samba password file.
>>
>> The Linux-PAM pam_unix module has a bug which prevents my module from
>> picking up password changes, so you'll need to apply a patch (also
>> included) to Linux-PAM and rebuild it.
>>
>> Peter
>
>--
>With Windows Millenium MS was able to get the boot time down to 25 seconds.
>That's almost as short as it's uptime.
>
>
>
------------------------------------------------------------
David Bannon                      D.Bannon at latrobe.edu.au
School of Biochemistry            Phone 61 03 9479 2197
La Trobe University, Plenty Rd,   Fax   61 03 9479 2467
Bundoora, Vic, Australia, 3083    http://bioserve.latrobe.edu.au
------------------------------------------------------------
..... Humpty Dumpty was pushed !

More information about the samba-ntdom mailing list