[Pkg-samba-maint] Bug#536365: Bug#536365: Bug#536365: samba: domain member don't authorize domain users

Vladimir Stavrinov vs at inist.ru
Fri Jul 10 08:44:41 UTC 2009 

On Fri, Jul 10, 2009 at 06:43:47AM +0200, Christian Perrier wrote:

> Please take care to isolate the place where the problem clearly
> appears, as much as you can. If the file is big, then gzip it, but
> don't worry.

Here is test scenario:

1. Fresh install samba onto machine hog for test purpose only.
2. Modify smb.conf and join domain inistdom.
3. Stop samba
4. Remove all samba log files.
5. Create unix user vs
6. Start samba
7. Log on domain member pot 2003 server as domain user vs
8. From pot try to open hog - it ask me password.
9. Stop samba and make archive of /var/log/samba.

See file hog_samba_log.tar.gz in attachment.

> Good. But, really, the content of smb.conf will be asked by upstream
> so let's prepare to send it to them. And, as I said, instead of the
> smb.conf file, please send the output of "testparm".

See file hog_smb.conf in attachment.

> You proviously had a samba server that was a member of a domain and (I
> guess) serving files to users of that domain. It was running 3.3.6.

Yes.

> That server was running Debian unstable, I guess.

Yes.

> You upgraded it and samba got upgraded to 3.4.0. Then file services
> were not working anymore.

Yes. It give read only access for anonymous users.
 
> Trying to rejoin the domain was successful....but still then the file
> services are not working anymore.

No, this is production server not for experiment. I downgrade it to 2:3.3.4-1
 
> Am I understanding things properly?

Yes. More over - there is other samba server in the same situation. Two
servers behave equally.
 
> What is the domain server? I understand this is a Windows server (you
> mentioned W2K somewhere). Right?

Yes, pdc is w2k.

By the way, there was once more test. When I change password with
smbpasswd to make it the same as domain user password, it don't ask
password any more to open samba homes. This mean it authorize user
locally instead with domain the same way as if security = SERVER.
 
-- 

*********************************
****   Vladimir Stavrinov  ******
*******   vs at inist.ru   *********
*********************************

More information about the Pkg-samba-maint mailing list