[ldap-SAMBA_2_2] join XP to the PDC and geteuid troubles

Andrew Bartlett abartlet at pcug.org.au
Sat Mar 2 02:33:04 GMT 2002


Ignacio Coupeau wrote:
> 
> I found that the XP fails joining to the domain samba_2_2 (2002/03/01)
> if the administrative account is other than root.
> I think the reason is the geteuid() call (see below the
> ldap_open_connection ).
> 
> No problem is detected with NT WS because no administrative account is
> required for the join.
> 
> In the SAMBA_HEAD this check is not performed and don't fails.

Samba HEAD now performs this check (if it wasn't doing so before).  

> Is this a bug?

It is a security issue - we can't allow 'mere mortals' to modify the
SAM, this is a problem in earlier versions.

We need to implement a proper permissions system, but we havn't done
that yet - so for now it is 'are you root', the same as for smbpasswd
and tdbsam.

Andrew Bartlett
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net




More information about the samba-technical mailing list