winbindd privileged dir permissions
rpv_muma
rpv at muma.tusur.ru
Mon Nov 1 04:59:30 GMT 2004
I have built a samba+openldap PDC and wanted to set up NTLM auth on my
squid proxy. My system is FreeBSD 5.1 and the samba version is 3.0.7.
In this setup ntlm_auth works as the squid user and needs
to open $LOCKDIR/winbindd_privileged/pipe.
As documented in the winbindd man page, "only users in the 'root' group will get this
access", but the group permissions are r-x by default. When started,
winbindd checks ownership and permissions and it is impossible to
change them to my needs. It looks like a problem %)
I propose to change default permissions from 0750 to 0770 in
winbindd_util.c/open_winbindd_priv_socket(void)
{
if (_winbindd_priv_socket == -1) {
_winbindd_priv_socket = create_pipe_sock(
-- get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0750);
++ get_winbind_priv_pipe_dir(), WINBINDD_SOCKET_NAME, 0770);
DEBUG(10, ("open_winbindd_priv_socket: opened socket fd %d\n",
_winbindd_priv_socket));
...
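Review bot: On the `++` line the mode passed to create_pipe_sock becomes 0770 for every installation, which adds group write on the privileged pipe directory when the stated need is only for one non-root group (squid) to reach the pipe. Write permission on a directory lets group members create, rename and remove entries in it, the pipe included, and it is not what a client needs to connect to a socket inside the directory; search (x) permission is, and 0750 already grants that to the group. Consider keeping 0750 and instead relaxing the startup ownership/permission check described above so the administrator can change the directory's group, and update the winbindd man page sentence "only users in the 'root' group will get this access" to match the outcome. The `--`/`++` markers also cannot be applied with patch(1); a unified diff against winbindd_util.c would be easier to review and apply.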
This "patch" makes it possible to change ownership of
.../winbindd_privileged/ to root:squid and makes the system work.

Also, I have found an error in Samba-Guide.pdf, Example 7.3.3:
add user script = .../smbldap-useradd.pl -a -m '%u'
The -a key tells the script to add sambaSamAccount objectClass records into
LDAP. After running the "add user script", samba tries to add the Samba
attributes too, and I get an error when adding users to the domain (but
the user was added).
Users are added OK after the -a key is removed.
--
Best regards,
Pavel Rochnyack mailto:rpv at muma.tusur.ru