Patch to fix samba 3.5.15 domain security
TAKAHASHI Motonobu
monyo at monyo.com
Sat May 5 12:15:32 MDT 2012
From: John Wehle <john at feith.com>
Date: Fri, 4 May 2012 19:02:00 -0400 (EDT)
> Consider the following working samba 3.3.9 configuration:
>
> machine1 smb.conf machine2 smb.conf
> [global] [global]
> ... ...
> domain master = yes domain master = no
> local master = yes local master = no
> preferred master = yes preferred master = no
> os level = 65 os level = 65
> workgroup = WORKGROUP workgroup = WORKGROUP
> security = user security = domain
> domain logons = yes password server = machine1
> encrypt passwords = yes
> passdb backend = smbpasswd
>
> A client attempting to access a resource on machine2 will cause
> machine2 to contact machine1 in order to authenticate the user.
> This allows all the passwords to be maintained in one place.
>
> Everything worked fine with both machines running 3.3.9.
>
> Everything worked fine after upgrading machine1 from 3.3.9 to 3.5.15.
> Clients could access resources on machine1 by entering:
>
> Username
> Password
>
> Once machine2 was upgraded to from 3.3.9 to 3.5.15 clients were
> no longer able to access resources on machine2 by entering:
>
> Username
> Password
What you want is "map untrusted to domain = yes"?
After Samba 3.4.0, Samba's behavior around where you ask to was
changed. See smb.conf(5)
---
TAKAHASHI Motonobu <monyo at samba.gr.jp>
More information about the samba-technical
mailing list