[Samba] 'Apple' Samba 2.2.3a on OS X 10.2.6 -> Samba 2.2.8a upgrade

John Snowdon J.P.Snowdon at newcastle.ac.uk
Fri Sep 26 09:44:23 GMT 2003 

Right, well I've just downloaded the source tarball and compiled it all.
Turned of Apple samba from 'server settings' and fired up smbd and nmbd
by hand... With different log, lock and password directories to Apple
samba, btw...

/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D

/usr/local/samba/bin/smbpasswd -a root
/usr/local/samba/bin/smbpasswd -a john

So far so good. But if I try to change password as john, then I get this
error:

Old SMB password:
New SMB password:
Retype new SMB password:
machine 127.0.0.1 rejected the session setup. Error was : Call returned
zero bytes (EOF)
.
Failed to change password for john

If I try to do any queries with smbclient I get "session setup failed:
Call returned zero bytes (EOF)"

Looking in the smbd.log, there are lots of messages relating to
authentication failures and a new one I haven't seen before:

[2003/09/26 10:35:17, 0] lib/util_sec.c:assert_gid(111)
  Failed to set gid privileges to (0,20) now set to (20,20) uid=(0,0)
[2003/09/26 10:35:17, 0] lib/util.c:smb_panic(1094)
  PANIC: failed to set gid

Any ideas? Is it actually possible to replace the built in version of
Samba with a later 'proper' version that we can just do local, user
based security authentication with, or does Apples 'netinfo' system get
in the way no matter what?

 John Snowdon - IT Support Specialist
-==========================================-
 Faculty of Medical Sciences Computing Dept
 School of Medical Education Development
 University of Newcastle

 Phone : 0191 245 4230
 Email : j.p.snowdon at ncl.ac.uk


I've found that out, much to my annoyance; no rc.d startup, swat is only
half useful, restart by a gui app (which resets smb.conf unless you
'chflags' the file before and after editing)... And as you say...
integration with 'netinfo' for users and password details, which is a
complete pig.

I believe smbpasswd does not actually do anything at *all* to the
passwords. At least when I've been testing it, changing credentials with
it still allows me in with my 'old' details. The only thing it seems to
do is create accounts and null the password. The only thing that seems
to modify the smb passwords is using Apples 'Accounts' and 'Groups'
utilities.

Brilliant, just what I want from a server O/S, gui-only configuration.

Thanks for pointing it out anyway. 

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: 26 September 2003 00:08
To: John Snowdon
Cc: samba at lists.samba.org
Subject: Re: [Samba] Smbpasswd + password sync on OS X


On Thu, 2003-09-25 at 18:13, John Snowdon wrote:
> Samba 2.2.3a on OS-X 10.2.6

> Any ideas if this built in version of Samba is simply borked?

Unless it's been patched, at the very least it suffers very serious
security holes, and must be upgraded (to 2.2.8a at least).

Other than that, apple has played all sorts of fun & games with their
'version' of Samba (intergration with their directory backend), so it
could be an issue in there.

Andrew Bartlett

More information about the samba mailing list