winbindd privileged dir permissions

rpv_muma rpv at
Mon Nov 1 04:59:30 GMT 2004

I have built a samba+openldap PDC and wanted to set up NTLM auth on my
squid proxy. My system is FreeBSD 5.1 and the samba version is 3.0.7.

In this setup ntlm_auth works as the squid user and needs
to open $LOCKDIR/winbindd_privileged/pipe.
As documented in the winbindd man page, "only users in the 'root' group will get this
access", but the group permissions are r-x by default. When started,
winbindd checks ownership and permissions, and it is impossible to
change them to suit my needs. It looks like a problem %)

I propose to change default permissions from 0750 to 0770 in

        if (_winbindd_priv_socket == -1) {
                _winbindd_priv_socket = create_pipe_sock(
--                        get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
++                        get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0770);
                DEBUG(10, ("open_winbindd_priv_socket: opened socket fd %d\n",
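
Review bot: the mode argument on the `++` line widens the hard-coded 0750 to 0770 for every installation, which adds group write, while the mail only describes a need for ntlm_auth to open the pipe under a different group. Please state in a comment or in the commit message why group write is required rather than the existing group read and search bits, and consider keeping 0750 as the default and making the mode or the permitted group a configuration choice instead of changing the constant.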

This "patch" makes it possible to change ownership of
.../winbindd_privileged/ to root:squid and makes the system work.

Also, I have found an error in Samba-Guide.pdf, Example 7.3.3:

add user script = .../ -a -m '%u'

The -a key tells the script to add sambaSamAccount objectClass records into
LDAP. After running "add user script", samba tries to add the Samba
attributes too, and I get an error when adding users to the domain (but
the user was added).

Users are added OK after the -a key is removed.

Best regards,
Pavel Rochnyack                      mailto:rpv at
