[Pkg-samba-maint] Bug#427986: samba: Latest stable update broke "valid users" restricted shares
George B.
i93.borg at gmail.com
Fri Jun 22 23:27:55 UTC 2007
Package: samba
Version: 3.0.24-6etch4
Followup-For: Bug #427986
Hello,
I've think I have also been bitten by this bug. Trying to authenticate
from a Windows 2000 client to a share protected by "valid users" fails.
The following error is generated in the log:
---
[2007/06/23 00:18:26, 0] smbd/service.c:make_connection_snum(782)
make_connection: connection to IPC$ denied due to security descriptor.
---
I think I used to get these messages before (there are lots of them in
the logs dating back weeks) but after security upgrading the samba package
a few days ago authentication fails (it worked last week).
Using smbclient from the samba server works fine, but not from the
Windows box.
Needless to say, not being able to use "valid users" is rather sucky.
:-(
Any ideas on a fix?
Thanks,
George.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (600, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Versions of packages samba depends on:
ii debconf 1.5.11 Debian configuration management sy
ii libacl1 2.2.41-1 Access control list shared library
ii libattr1 2.4.32-1 Extended attribute shared library
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.11.14+dfsg-2 common error description library
ii libcupsy 1.2.7-4 Common UNIX Printing System(tm) -
ii libgnutl 1.4.4-3 the GNU TLS library - runtime libr
ii libkrb53 1.4.4-7etch1 MIT Kerberos runtime libraries
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii logrotat 3.7.1-3 Log rotation utility
ii lsb-base 3.1-23.1 Linux Standard Base 3.1 init scrip
ii netbase 4.29 Basic TCP/IP networking system
ii procps 1:3.2.7-3 /proc file system utilities
ii samba-co 3.0.24-6etch4 Samba common files used by both th
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages samba recommends:
pn smbldap-tools <none> (no description available)
-- debconf information:
samba/nmbd_from_inetd:
* samba/run_mode: daemons
samba/log_files_moved:
samba/tdbsam: false
* samba/generate_smbpasswd: true
-------------- next part --------------
#======================= Global Settings =======================
[global]
workgroup = SDC
server string = %h server (Samba %v)
dns proxy = no
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
display charset = UTF-8
unix charset = UTF-8
#### Debugging/Accounting ####
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
####### Authentication #######
security = user
# security = share
force group = +smbusers
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
guest account = smbguest
map to guest = Bad Password
invalid users = root
null passwords = true
; unix password sync = no
; passwd program = /usr/bin/passwd %u
; passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
; pam password change = no
########## Printing ##########
# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
; load printers = yes
# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap
# CUPS printing. See also the cupsaddsmb(8) manpage in the
# cupsys-client package.
; printing = cups
; printcap name = cups
# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @ntadmin
######## File sharing ########
# Name mangling options
; preserve case = yes
; short preserve case = yes
#======================= Share Definitions =======================
[home]
path = /home/boris/stuff
read only = no
guest ok = no
valid users = boris
follow symlinks = yes
[alex]
path = /home/alex
read only = no
guest ok = no
valid users = alex
[write]
comment = Folder with R/W access
path = /home/boris/samba/write
read only = no
guest ok = yes
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
[www]
comment = Web Root R/W
path = /var/www
read only = no
create mask = 0666
force create mode = 0666
directory mask = 0777
force directory mode = 0777
[anime]
comment = Anime Store (RO access)
path = /home/boris/samba/anime_store
read only = yes
guest ok = yes
# Un-comment the following and create the netlogon directory for Domain Logons
# (you need to configure Samba to act as a domain controller too.)
;[netlogon]
; comment = Network Logon Service
; path = /home/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
[printers]
comment = All Printers
browseable = no
path = /tmp
printable = yes
public = no
writable = no
create mode = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
# Uncomment to allow remote administration of Windows print drivers.
# Replace 'ntadmin' with the name of the group your admin users are
# members of.
; write list = root, @ntadmin
write list = root
# A sample share for sharing your CD-ROM with others.
;[cdrom]
; comment = Samba server's CD-ROM
; writable = no
; locking = no
; path = /cdrom
; public = yes
# The next two parameters show how to auto-mount a CD-ROM when the
# cdrom share is accesed. For this to work /etc/fstab must contain
# an entry like this:
#
# /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0
#
# The CD-ROM gets unmounted automatically after the connection to the
#
# If you don't want to use auto-mounting/unmounting make sure the CD
# is mounted on /cdrom
#
; preexec = /bin/mount /cdrom
; postexec = /bin/umount /cdrom
More information about the Pkg-samba-maint
mailing list