AFS token issue in samba 3.3.5?
Chris Garrison
ecgarris at iupui.edu
Fri Sep 17 07:07:18 MDT 2010
Hello,
We were running samba-3.4.5 with fake-kaserver compiled in to overlay it
on top of AFS.
With the new security announcement, I've been trying to upgrade to 3.5.5
and have run into a problem.
If a user tries to go to the [homes] share, which uses the passwd file
to take them to their home directory within the AFS tree (doesn't matter
the client, we've tried from Mac and Windows) the connection fails, and
the logs indicate "canonicalize_connect_path failed for service username".
However, if the user first goes to the [afs-home] share, which doesn't
require AFS tokens to view, they can drill down to their home directory
and it will function normally. In fact, if at this point the user
disconnects Samba and the comes back with a new connection to their own
homedir on [homes], it will work.
It seems to me that something's changed between versions, that directory
permissions are now being checked *before* the token is generated.
Since it worked in 3.4.5 with the same smb.conf and same samba.spec
options, I think it must have been a recent code change, possibly even
something in the security patches.
Any help would be appreciated!
Chris
--
Chris Garrison
Indiana University
Research Computing Storage
ecgarris at iupui.edu
More information about the samba-technical
mailing list