[Pkg-samba-maint] Bug#502801: samba: system accounts copied from /etc/passwd to /var/lib/samba/passdb.tdb

Alexis Huxley ahuxley at gmx.net
Sun Oct 19 20:48:29 UTC 2008 

Package: samba
Version: 2:3.2.3-1
Severity: normal

During installation of Samba I was presented with the following question:

	... If you do not create it, you will have to reconfigure
	Samba (and probably your client machines) to use
	plaintext passwords ... Create samba password database,
	/var/lib/samba/passdb.tdb?

Well, I didn't want to use plain text passwords so I answered "Yes". 

I then ran 'pdbedit -L' and saw that all system accounts had been copied
over (e.g. root, www-data, sys, etc). I appreciate that the accounts are
locked still requiring smbpasswd to be run, but I can't really believe
that copying *all* accounts is the correct behaviour. Actually I was a 
little alarmed by this.

I asked for advice on #debian and #debian-devel but after no answer felt
it best to submit this report even if it turns out to be wrong (better 
safe than sorry), so if you think I've missed the obvious then, by all 
means ignore this first part of this bug report with my apologies for my 
error.

In addition, the question above also says:

	... See /usr/share/doc/samba-doc/htmldocs/ENCRYPTION.html from
	the samba-doc package for more details. ...

But:

	penne# dpkg -l samba-doc | grep samba-doc
	ii  samba-doc                 2:3.2.3-1                 Samba documentation
	penne# dpkg -L samba-doc | grep ENCR
	penne# 

If you need more info then please let me know.

Alexis

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686-bigmem (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser              3.110               add and remove users and groups
ii  debconf [debconf-2.0 1.5.22              Debian configuration management sy
ii  libacl1              2.2.47-2            Access control list shared library
ii  libattr1             1:2.4.43-1          Extended attribute shared library
ii  libc6                2.7-13              GNU C Library: Shared libraries
ii  libcomerr2           1.41.0-3            common error description library
ii  libcups2             1.3.8-1lenny1       Common UNIX Printing System(tm) - 
ii  libgnutls26          2.4.1-1             the GNU TLS library - runtime libr
ii  libkrb53             1.6.dfsg.4~beta1-4  MIT Kerberos runtime libraries
ii  libldap-2.4-2        2.4.10-3            OpenLDAP libraries
ii  libpam-modules       1.0.1-4             Pluggable Authentication Modules f
ii  libpam-runtime       1.0.1-4             Runtime support for the PAM librar
ii  libpam0g             1.0.1-4             Pluggable Authentication Modules l
ii  libpopt0             1.14-4              lib for parsing cmdline parameters
ii  libtalloc1           1.2.0~git20080616-1 hierarchical pool based memory all
ii  libwbclient0         2:3.2.3-1           client library for interfacing wit
ii  logrotate            3.7.1-4             Log rotation utility
ii  lsb-base             3.2-20              Linux Standard Base 3.2 init scrip
ii  procps               1:3.2.7-8           /proc file system utilities
ii  samba-common         2:3.2.3-1           Samba common files used by both th
ii  update-inetd         4.31                inetd configuration file updater
ii  zlib1g               1:1.2.3.3.dfsg-12   compression library - runtime

samba recommends no packages.

Versions of packages samba suggests:
ii  openbsd-inetd [inet-superse 0.20080125-1 The OpenBSD Internet Superserver
pn  smbldap-tools               <none>       (no description available)

-- debconf information:
* samba/run_mode: daemons
* samba/generate_smbpasswd: true

More information about the Pkg-samba-maint mailing list