[Samba] Run smbd in AD user context

Jeremy Allison jra at samba.org
Fri Mar 9 19:39:55 UTC 2018

On Fri, Mar 09, 2018 at 12:07:54PM +0100, Davor Vusir via samba wrote:
> Hi all!
> Is it possible to run smbd in an AD user's context?
> If not, is it possible to have smbd to tell a third-party function to not
> stray outside from logged on user's (AD user) context (home directory)?
> I'm programming a VFS module[1] which will be the bridge between Windows
> and iRODS[2]. iRODS depends on a configuration file,
> .irods/irods_environment.json, which resides in the user's home directory.
> The file is read and evaluated and the result is fed to a function that
> does the connection to yhe iRODS servers.
> Once I have succeded to read my environment file but not managed to get
> pass the connection phase.
> If I run gdb in the context of a local user (the same that is created
> during installation of Ubuntu) the VFS module stops and complains at
> permission error (see below).
> If I run gdb in root context the VFS module stops and complains at
> permission error (exchange below error with '/root/.irods').
> If I start smbd from /etc/init.d/smbd it stops because there is no
> environment file in '/var/lib/irods/.irods'.

smbd_become_authenticated_pipe_user() doesn't change your $HOME
environment variable.

You need to do more work to correctly become the user you want
to access irods from.

More information about the samba mailing list