acls and smb passwd file
system manager
system at niuhep.physics.niu.edu
Fri Jul 25 05:33:58 GMT 2003
Hello,
If I try to run samba_root:[bin]smbpasswd as a non-priv.ed user I get :
Error Lock Volume F11B$vUSER1 : insufficient privilege or object protection violation
repeated ten times and then
Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the session setup. Error was
: Call returned zero bytes (EOF)
.
Failed to change password for MORPHIS
where it doesn't matter what I put in for the passwords, except that
if the two new passwords don't match it rejects me for that.
USER1 is the label of the disk that happens to be my default and of course
MORPHIS is my username.
This appears to occur in [.SOURCE.VMS]VMS_SUPPORT.C
in
char *getpass(char *prompt)
[big snip]
new_cache->label[volnamsize] = 0;
strcpy (new_cache->resname,"F11B$v");
strcat (new_cache->resname,new_cache->label);
for (i=0;i<18;i++) {
if (new_cache->resname[i] == 0)
new_cache->resname[i] = ' ';
}
/* Put this new cache in the list */
if (first_cache == NULL)
first_cache = new_cache;
else
{
cur_cache = first_cache;
while (cur_cache->next != NULL)
cur_cache = cur_cache -> next;
cur_cache->next = new_cache;
}
/* Get infos about the RSB of the volume lock */
cur_cache = new_cache;
}
sts = sys$cmkrnl (update_lock,0);
if ((sts & 1) != 1)
DEBUG(0,(" Error Lock Volume %s : %s\n",cur_cache->resname,
str_cache->resname, strerror(EVMSERR,sts)));
OTOH if I set proc/priv=nocmkrnl I get the same error messages
but the password successfully changes.
Changing permissions on the directory and teh file with passwords
doesn't seem to do any good.
Why is it trying to lock a volume?
Why is it trying to create cache based on where the user is sitting?
---------
when I run testparm I get:
WARNING: lock directory /samba_root/var/locks should have permissions 0755
for browsing to work
SAMBA_ROOT:[VAR]LOCKS.DIR;1 (RWE,RWE,RE,RW)
I tried changing it to w:re but no change.
---------
Perhaps this is entirely unrelated but if I do
$ mcr authorize sho system/all
system has the following identifier
SAMBA_ROOT %X80010017
which I saw during the install process.
When I do
$ dir/secu samba_root:[000000...]*.dir
I see something like the following (much edited)
Directory SAMBA_ROOT:[000000]
BIN.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
LIB.DIR;1 [SYSTEM] (RWE,RWE,RE,RE)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
PRIVATE.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
SWAT.DIR;1 [SYSTEM] (RWE,RWE,RWE,)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RE)
TMP.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
VAR.DIR;1 [SYSTEM] (RWE,RWE,RE,RW)
(IDENTIFIER=*,OPTIONS=DEFAULT,ACCESS=READ+WRITE+CONTROL)
(DEFAULT_PROTECTION,SYSTEM:RWED,OWNER:RWED,GROUP:RW,WORLD:RW)
The files in [var] have the same identifier. The files in [swat]
look like:
SAM.AA01_GIF;1 [SYSTEM] (RWED,RWED,RE,)
(IDENTIFIER=%X80010031,ACCESS=READ+WRITE+EXECUTE+DELETE+CONTROL)
If I do
UAF> sho /id/value=(id:%X10031)
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier
------------------------------------
smb.conf
[global]
workgroup = PHYSICS
dead time = 10
map archive = no
printing = bsd
printcap name = /samba_root/lib/dummyprintcap.dat
load printers = yes
print command = print %f/queue=%p/delete/passall/name="""""%s"""""
lprm command = delete/entry=%j
security = user
smb passwd file = /samba_root/private/smbpasswd.dat
encrypt passwords = yes
default service = default
create mode = 0777
guest account = PCFS$ACCOUNT
log file = /samba_log/log.%m
socket options = TCP_NODELAY
lock directory = /samba_root/var/locks
share modes = yes
[homes]
comment = Home Directories
browseable = yes
read only = no
create mode = 0750
; path = /user1/%U/
[shr5]
comment = Disk
browseable = yes
read only = no
create mode = 0750
path = /shr5/%U/
[scr3]
comment = Disk
browseable = yes
read only = no
create mode = 0750
path = /scr3/%U
[printers]
comment = All Printers
browseable = no
printable = yes
public = yes
writable = no
create mode = 0700
More information about the samba-vms
mailing list