critical bug [for me] in authentification module
Bartlomiej Solarz-Niesluchowski
Bartlomiej.Solarz-Niesluchowski at wsisiz.edu.pl
Mon Jun 14 09:04:03 GMT 2004
Good morning!
I suspect that I found critical bug in authentification module....
I am senior system administrator of the WSISiZ network. We have a lot of
servers with samba. On our main server sit samba 2.2.9 with LDAP based tree of
users. Samba on main serwer is domain controler. On our different serwers sit
samba 3.0.x with role DOMAIN_MEMBER.
I have problems with authentification after changing versions od SAMBA from
3.0.2 to 3.0.4 (3.0.5pre1 tested too).
On server direct i have a smbusers file like:
!solarz = solarz
nobody = *
in smb.conf i have:
workgroup = WSISIZ.EDU.PL
security = DOMAIN
username map = /etc/samba/smbusers
[admin]
path = /home/ftp
valid users = admin, solarz
force user = admin
force group = admin
read only = No
ON samba 3.0.2 I can mount this share on 3.0.5 I cannot do this.... - I think
this has to be problem with force user or smbusers file.
HERE is diff in log files in critical section:
samba 3.0.2 (FC1):
[2004/06/14 10:40:08, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(459)
smb_pam_start: PAM: Init user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(476)
smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(485)
smb_pam_start: PAM: setting tty
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(493)
smb_pam_start: PAM: Init passed for user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(570)
smb_pam_account: PAM: Account OK for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_end(440)
smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 5] auth/auth.c:check_ntlm_password(292)
check_ntlm_password: PAM Account for user [solarz] succeeded
[2004/06/14 10:40:08, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [solarz] -> [solarz] ->
[solarz] succeeded
samba 3.0.5pre1:
[2004/06/14 10:38:06, 3] auth/auth.c:check_ntlm_password(268)
check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 3] smbd/uid.c:push_conn_ctx(357)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(459)
smb_pam_start: PAM: Init user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(476)
smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(485)
smb_pam_start: PAM: setting tty
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(493)
smb_pam_start: PAM: Init passed for user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(551)
smb_pam_account: PAM: Account Management for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(570)
smb_pam_account: PAM: Account OK for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_end(440)
smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 5] auth/auth.c:check_ntlm_password(292)
check_ntlm_password: PAM Account for user [nobody] succeeded
[2004/06/14 10:38:06, 2] auth/auth.c:check_ntlm_password(305)
check_ntlm_password: authentication for user [solarz] -> [solarz] ->
[nobody] succeeded
--
Bartlomiej Solarz-Niesluchowski, Administrator WSISiZ
e-mail: Bartlomiej.Solarz-Niesluchowski at wsisiz.edu.pl
01-447 Warszawa, ul. Newelska 6, pokoj 404, pon.-pt. 8-16, tel. 836-92-53
Motto - nie psuj Win'9x one i bez tego sie psuja....
Jak sobie poscielisz tak sie wyspisz
More information about the samba-technical
mailing list