[ldap-SAMBA_2_2] join XP to the PDC and geteuid troubles

Andrew Bartlett abartlet at pcug.org.au
Sat Mar 2 02:33:04 GMT 2002

Ignacio Coupeau wrote:
> I found that the XP fails joining to the domain samba_2_2 (2002/03/01)
> if the administrative account is other than root.
> I think the reason is the geteuid() call (see below the
> ldap_open_connection ).
> No problem is detected with NT WS because no administrative account is
> required for the join.
> In the SAMBA_HEAD this check is not performed and don't fails.

Samba HEAD now performs this check (if it wasn't doing so before).  

> Is this a bug?

It is a security issue - we can't allow 'mere mortals' to modify the
SAM, this is a problem in earlier versions.

We need to implement a proper permissions system, but we havn't done
that yet - so for now it is 'are you root', the same as for smbpasswd
and tdbsam.

Andrew Bartlett
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba-technical mailing list