Potential shoot-your-self-in-the-foot with net conf setparm

Christof Schmitt cs at samba.org
Mon Apr 30 21:07:18 UTC 2018


On Mon, Apr 30, 2018 at 01:03:42PM -0700, Richard Sharpe via samba-technical wrote:
> Hi folks,
> 
> I managed to hit this sequence with a 4.5.15 installation, and it does
> not look like things have changed much in this area:
> 
> -----------------
> $ net conf setparm global "kerberos method" secrets
> $ net conf list
> WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
> Can't load /etc/samba/smb.conf - run testparm to debug it
> $ man smb.conf
> $ net conf setparm global "kerberos method" "secrets only"
> WARNING: Ignoring invalid value 'secrets' for parameter 'kerberos method'
> Can't load /etc/samba/smb.conf - run testparm to debug it
> ------------------
> 
> After that I was screwed, although maybe I could use tdbtool to fix the issue.
> 
> Has this been fixed in recent code or should I file a ticket?

Yes, this should be fixed since 4.6.0. I think these are the relevant
commits:

1f91b6a param: validate value in lp_canonicalize_parameter_with_value()
fa7e40b param: use early return in lp_canonicalize_parameter_with_value()
21ae887 param: add lp_parameter_value_is_valid() function

And that has been committed before 4.6.0:

$ git describe --contains 1f91b6a  --match samba\*
samba-4.6.0rc1~571

Christof



More information about the samba-technical mailing list