Swat Authorization problem w/PAM

Kroboth, Joe joe_kroboth at chernay.com
Tue Oct 23 10:43:57 GMT 2001


Hello Again,

I changed the permissions to rw-rw---, I changed the group of smb.conf to
DOMAIN+Domain Admin.  When I log into swat and enter an NT domain name that
is part of the Domain Admin group, I have write privileges.

Does this sound reasonably secure?

Thanks,

Joe  





-----Original Message-----
From: Kroboth, Joe 
Sent: Tuesday, October 23, 2001 12:13 PM
To: 'Jens Uwe Schmidt'
Subject: RE: Swat Authorization problem w/PAM


Hello,

Thanks for your response.

If I change the permissions to 666 I can edit the smb.conf from swat logged
in as an NT domain user.  I'm hoping for a better solution.  I also tried
creating a 'root' account on my NT domain... No luck.

Thanks,

Joe

-----Original Message-----
From: Jens Uwe Schmidt [mailto:j.schmidt at extracom.de]
Sent: Tuesday, October 23, 2001 12:00 PM
To: Kroboth, Joe
Subject: AW: Swat Authorization problem w/PAM


Hi,

I assume swat uses unix accounts. Maybe you can use accounts validated
on your NT Box but then swat isn't allowed to manipulate the smb.conf file.

For a short try, you can give smb.conf the rights rw-rw-rw- and try if it
works with a user validated from the NT-Box, but switch back to the original
rights (rw-r--r--, owner and group root) and try to login to swat as root,
validated by your redhat-box.
Otherwise everyone can fiddle around in your smb.conf and get himself rights
to mount any smb-share!

Maybe you can add an account "root" on the NT-Server with the same pwd as on
the redhat box, but this is still another ugly workaround.


Bye

JUS

> -----Original Message-----
> From: samba-ntdom-admin at lists.samba.org
> [mailto:samba-ntdom-admin at lists.samba.org]On Behalf Of Kroboth, Joe
> Sent: Tuesday, 23 October 2001 17:39
> To: 'samba-ntdom at lists.samba.org'
> Subject: Swat Authorization problem w/PAM
>
>
> Hello,
>
> Installed the binary RPM
> (http://de.samba.org/samba/ftp/Binary_Packages/redhat/RPMS/7.1/) for samba
> 2.2.2 on my redhat 7.1 server.  I got winbind to work and my samba server is
> now using NT usernames and groups.  I was very unsure about how to modify the
> pam.d files.  The only file I changed was the /etc/pam.d/samba file.  I
> pulled this configuration from another mail post.
>
> /etc/pam.d/samba--------------------------------------
>
> auth            required        /lib/security/pam_securetty.so
> auth            required        /lib/security/pam_nologin.so
> auth            sufficient      /lib/security/pam_winbind.so
> auth            required        /lib/security/pam_pwdb.so use_first_pass shadow nullok
> account         required        /lib/security/pam_winbind.so
> session         required        /lib/security/pam_pwdb.so
> password        required        /lib/security/pam_pwdb.so
>
> -----------------------------------------------------------------
>
> This seems to work fine for all but SWAT.
>
> I am able to log into swat using an NT domain name and password (DOMAIN+name
> and password) but I do not have full access to changing the config file.
> When I try to log in as root I receive an authorization failure.
>
> Hoping someone could point me in the right direction.
>
> Thanks
>
> Joe
>
>
> Joe Kroboth
> IT Director
> Chernay Printing, Inc
> 7483 South Main Street
> PO BOX 199
> Coopersburg, PA 18036
> 610.282.3774 EXT 113
> 610.282.2982 FAX
> joe_kroboth at chernay.com
> www.chernay.com
>
>
>
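
The permission states compared in this thread (rw-rw-rw-, rw-r--r-- with owner and group root, and group-writable for a domain group) can be told apart with a short script. This is an added example, not part of the original messages; the script name and the path argument are assumptions, and the group lookup is written so that group names containing a space, such as "DOMAIN+Domain Admin", are reported intact.

```shell
#!/bin/sh
# Added example (not from the thread): report who can rewrite smb.conf.
# Usage (script name and path are assumptions): sh conf_perm.sh /path/to/smb.conf

# Print the owning group. stat is used instead of parsing ls output so that
# winbind group names containing spaces survive intact (GNU form, then BSD).
conf_group() {
    stat -c %G "$1" 2>/dev/null || stat -f %Sg "$1"
}

# Print one of: missing | world-writable | group-writable:<group> | owner-only
classify_conf() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing"
    elif [ -n "$(find "$f" -prune -perm -0002)" ]; then
        # rw-rw-rw-: any local or domain user can edit the file
        echo "world-writable"
    elif [ -n "$(find "$f" -prune -perm -0020)" ]; then
        # rw-rw----: writers are the owner plus every member of this group
        echo "group-writable:$(conf_group "$f")"
    else
        echo "owner-only"
    fi
}

if [ $# -gt 0 ]; then
    result=$(classify_conf "$1")
    echo "$1: $result"
    case $result in
        group-writable:*)
            # List the accounts that inherit write access (needs getent/NSS).
            getent group "${result#group-writable:}" | cut -d: -f4
            ;;
    esac
fi
```

For the group-writable case the member list is the thing to review: every account in it can change smb.conf through SWAT.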
