samba 2.0.6 OpenVMS

John E. Malmberg wb8tyw at qsl.network
Sat Aug 24 16:28:33 GMT 2002 

> Today's Topics:
> 
>    1. samba 2.0.6  OpenVMS (=?koi8-r?B?89TF0MHOz9cg5S7hLg==?=)
> 
> --__--__--
> 
> Message: 1
> From: =?koi8-r?B?89TF0MHOz9cg5S7hLg==?= <stepanov#kuzbe.elektra.ru>
> 
> This is a multi-part message in MIME format.

Please set your mailer to PLAIN TEXT when sending Internet E-mail.
Plain text is the only universally readable e-mail format.

HTML/MIME for no good reason causes the message to be 10 times or more 
larger than needed can cause recipiants to be over their e-mail quota.

HTML/MIME severely trashes the mailing list digest, and generally causes 
messages to be discarded by recipiants or delays responses until people 
check to see what is in their spam trap.

Also try to make sure that quoted -printable is off.  It takes me quite 
a bit of time to remove it so that I can read a posting.  Unfortunately 
some e-mail systems do not seem to allow this.

> 
> Hallow, John!
> We tried to implement SAMBA 2.0.6 in OpenVMS v7.1-1H2, DEC C V5.6-003,
> UCX 4.2 ECO 1, ALPHA-Server 800 5/500.

> Installation was performed using binary distribution files. FRONTPORT
> V1_0E_02.

> SMB.CONF file is given below. Windows NT4 SP5 and W98 were used as
> clients, and, respectively, SMBPASSWD.EXE_AXP and encrypted passwords
> were used.
> 
> Our problem is: connection fails when trying to get access for a user
> that is not described in SMB.CONF as admin user, i.e. an option
> 
> admin users

I do not recall ever designating any users for that in smb.conf.  As I 
understand it, the use of this feature is a potential security hole as 
it gives the user's higer privileges than they would normally have.

I do not believe it's use is ever recommended.

> is not given. With this option a connection is fulfilled. Studying a log
> file it seems that a process of password checking occurs twice: for the
 > first time it  succeeds, but for the second time - not. I can't 
understand
> why it fails for the second time and why it should be performed twice
> (perhaps I misunderstand something?).

There is a SAMBA for OpenVMS FAQ that can be found by searching the VMS 
conference at http://encompasserve.org that may explain this and other 
issues.  http://www.google.com may also be able to find a reference to 
it when it was posted in comp.os.vms.

The typical reasons for this behavior is:

1. No guest account matching the one in SMB_CONF

2. The guest account does not have read and write access to SAMBA_ROOT:[VAR]

3. The guest account does not have read and write access to it's default 
directory.

Unlike an NT server, SAMBA Server requires a guest account for 
connections from NT and later clients.

I have reported this issue to the developers and have not received any 
feedback at all from them.

To fix this, SAMBA on all platforms needs to recognize the login that NT 
uses to browse shares as special and not requiring a guest account.  It 
still may require a special account as SAMBA downgrades the privileges 
of the server while responding to this query.

The next issue is that a user account with out elevated privilege must 
have read and write access to it's default directory.

It is very unusual to be using SYS$COMMON: as a user directory, as 
SYS$SYSROOT: and SYS$COMMON: are generally reserved for products 
installed from DIGITAL/COMPAQ/HP.

-John
wb8tyw at qsl.network
Personal Opinion Only

> Below a log file is given relating to an unsuccessful attempt to get a
> connection.
> 
>    guest account =3D samba__guest     =20
> ;   admin users =3D sea
> [homes]
>    comment =3D Home Directories
>    browseable =3D yes
>    fstype =3D ODS2
> [sea]
>    path =3D /sys$common/sea/
>    browseable =3D yes
> [samba__guest]
>    path =3D /samba_root/samba__guest/
>    guest ok =3D yes
>    browseable =3D yes
>    writeable =3D yes
>    public =3D yes
> 

> 
> Stepanov Evgeny, Risover Leonid.
> 
> 
> ------=_NextPart_000_0005_01C24858.4CF2D5E0
> Content-Type: text/html;
> 	charset="koi8-r"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

[Several useless pages of unreadable HTML snipped]

> End of samba-vms Digest

More information about the samba-vms mailing list