[ldap-SAMBA_2_2] join XP to the PDC and geteuid troubles
Andrew Bartlett
abartlet at pcug.org.au
Sat Mar 2 02:33:04 GMT 2002
Ignacio Coupeau wrote:
>
> I found that the XP fails joining to the domain samba_2_2 (2002/03/01)
> if the administrative account is other than root.
> I think the reason is the geteuid() call (see below the
> ldap_open_connection ).
>
> No problem is detected with NT WS because no administrative account is
> required for the join.
>
> In the SAMBA_HEAD this check is not performed and don't fails.
Samba HEAD now performs this check (if it wasn't doing so before).
> Is this a bug?
It is a security issue - we can't allow 'mere mortals' to modify the
SAM, this is a problem in earlier versions.
We need to implement a proper permissions system, but we havn't done
that yet - so for now it is 'are you root', the same as for smbpasswd
and tdbsam.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
More information about the samba-technical
mailing list