[ldap-SAMBA_2_2] join XP to the PDC and geteuid troubles

Jean Francois Micouleau Jean-Francois.Micouleau at dalalu.fr
Sat Mar 2 02:48:02 GMT 2002


On Sat, 2 Mar 2002, Andrew Bartlett wrote:

> Ignacio Coupeau wrote:
> >
> > I found that the XP fails joining to the domain samba_2_2 (2002/03/01)
> > if the administrative account is other than root.
> > I think the reason is the geteuid() call (see below the
> > ldap_open_connection ).
> >
> > No problem is detected with NT WS because no administrative account is
> > required for the join.
> >
> > In the SAMBA_HEAD this check is not performed and it doesn't fail.
>
> Samba HEAD now performs this check (if it wasn't doing so before).
>
> > Is this a bug?
>
> It is a security issue - we can't allow 'mere mortals' to modify the
> SAM, this is a problem in earlier versions.
>
> We need to implement a proper permissions system, but we haven't done
> that yet - so for now it is 'are you root', the same as for smbpasswd
> and tdbsam.

I have done it, full SD plus privs on SAM functions. I haven't committed it
yet.

	J.F.





