critical bug [for me] in authentification module

Bartlomiej Solarz-Niesluchowski Bartlomiej.Solarz-Niesluchowski at wsisiz.edu.pl
Mon Jun 14 09:04:03 GMT 2004 

Good morning!

I suspect that I found critical bug in authentification module....

I am senior system administrator of the WSISiZ network. We have a lot of
servers with samba. On our main server sit samba 2.2.9 with LDAP based tree of
users. Samba on main serwer is domain controler. On our different serwers sit
samba 3.0.x with role DOMAIN_MEMBER.

I have problems with authentification after changing versions od SAMBA from
3.0.2 to 3.0.4 (3.0.5pre1 tested too).

On server direct i have a smbusers file like:
!solarz = solarz
nobody = *

in smb.conf i have:
         workgroup = WSISIZ.EDU.PL
         security = DOMAIN
         username map = /etc/samba/smbusers

[admin]
         path = /home/ftp
         valid users = admin, solarz
         force user = admin
         force group = admin
         read only = No

ON samba 3.0.2 I can mount this share on 3.0.5 I cannot do this.... - I think
this has to be problem with force user or smbusers file.

HERE is diff in log files in critical section:

samba 3.0.2 (FC1):
[2004/06/14 10:40:08, 3] auth/auth.c:check_ntlm_password(268)
   check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 3] smbd/uid.c:push_conn_ctx(287)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(459)
   smb_pam_start: PAM: Init user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(476)
   smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(485)
   smb_pam_start: PAM: setting tty
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(493)
   smb_pam_start: PAM: Init passed for user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(551)
   smb_pam_account: PAM: Account Management for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(570)
   smb_pam_account: PAM: Account OK for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_end(440)
   smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 5] auth/auth.c:check_ntlm_password(292)
   check_ntlm_password:  PAM Account for user [solarz] succeeded
[2004/06/14 10:40:08, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [solarz] -> [solarz] ->
[solarz] succeeded

samba 3.0.5pre1:
[2004/06/14 10:38:06, 3] auth/auth.c:check_ntlm_password(268)
   check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 3] smbd/uid.c:push_conn_ctx(357)
   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(459)
   smb_pam_start: PAM: Init user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(476)
   smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(485)
   smb_pam_start: PAM: setting tty
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(493)
   smb_pam_start: PAM: Init passed for user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(551)
   smb_pam_account: PAM: Account Management for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(570)
   smb_pam_account: PAM: Account OK for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_end(440)
   smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 5] auth/auth.c:check_ntlm_password(292)
   check_ntlm_password:  PAM Account for user [nobody] succeeded
[2004/06/14 10:38:06, 2] auth/auth.c:check_ntlm_password(305)
   check_ntlm_password:  authentication for user [solarz] -> [solarz] ->
[nobody] succeeded


--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wsisiz.edu.pl
01-447 Warszawa, ul. Newelska 6, pokoj 404, pon.-pt. 8-16, tel. 836-92-53
Motto - nie psuj Win'9x one i bez tego sie psuja....
Jak sobie poscielisz tak sie wyspisz

More information about the samba-technical mailing list