Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 19 May 2001 22:40:28 +0200 (CEST)
From:      "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>
To:        "David W. Chapman Jr." <dwcjr@inethouston.net>
Cc:        <freebsd-ports@freebsd.org>, <freebsd-questions@freebsd.org>
Subject:   Re: SAMBA trouble 2.0.8 ->> 2.2.0
Message-ID:  <Pine.BSF.4.33.0105192238010.5332-100000@klima.physik.uni-mainz.de>
In-Reply-To: <065c01c0e0a0$cb1f7700$931576d8@inethouston.net>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 19 May 2001, David W. Chapman Jr. wrote:

I did so, changed back to 2.0.9 and things work as expected!

I do not understand why SAMBA team recommend using 2.2.0 with this serious bug
(this bug makes samba within our environment useless ...). I think using
the tag 'valid users = %U' is a very common way to limit access to shares
only to those are registered on the local machine ...


:>> Dear Sirs.
:>>
:>> Well, I know this is not subject of FreeBSD, but  hope someone has done
:>> several upgrades and stepped over the same problem.
:>>
:>> Due the problem with the security whole in SAMBA 2.0.8 I decided to come
:>up
:>> with SAMBA 2.2.0 and took the whole configuration over with minor
:>> corrections.
:>Samba 2.0.9 resides in /usr/ports/net/samba if you cvsup your ports.
:>
:>
:>> We use here several FreeBSD-UNIX based shares for Windows clients. One
:>> of them is "SCRATCH" as an example. It should be accessible only by those
:>> who are in the SAMBA and/or UNIX passowrd file/passwd system. I realized
:>> this prior by putting a line 'valid users = %U' into smb.conf. But this
:>does not
:>> work anymore in SAMBA 2.2.0. User authentication by 'homes' still works as
:>> expected, but all other shares based on a common use basis do not :-(
:>
:>I think this is a known bug in 2.2.0 that should be fixed in 2.2.1
:>
:>> If I remove this user's specification in smb.conf other users in the
:>> domain (we use a harsh kind of 'melting pot' of several domains here,
:>> domains differented by names, but not by IP address space ... idiots at
:>> work ...) could access the share.
:>>
:>> FreeBSD assigns unluckily all users the same group ID as this is identical
:>> to their UID. This is a security benefit - but in some cases this could be
:>a
:>> disadvantage, like SAMBA.
:>
:>give samba 2.0.9 a shot.
:>
:>

--
MfG
O. Hartmann

ohartman@klima.physik.uni-mainz.de
----------------------------------------------------------------
IT-Administration des Institut fuer Physik der Atmosphaere (IPA)
----------------------------------------------------------------
Johannes Gutenberg Universitaet Mainz
Becherweg 21
55099 Mainz

Tel: +496131/3924662 (Maschinensaal)
Tel: +496131/3924144
FAX: +496131/3923532


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.33.0105192238010.5332-100000>