From owner-freebsd-ports Sat May 19 13:18: 0 2001 Delivered-To: freebsd-ports@freebsd.org Received: from leviathan.inethouston.net (216-118-21-146.pdq.net [216.118.21.146]) by hub.freebsd.org (Postfix) with ESMTP id CFE6837B424; Sat, 19 May 2001 13:17:54 -0700 (PDT) (envelope-from dwcjr@inethouston.net) Received: from dwcjr (DWCJR.inethouston.net [216.118.21.147]) by leviathan.inethouston.net (Postfix) with ESMTP id 6FC8110F40F; Sat, 19 May 2001 15:17:57 -0500 (CDT) Message-ID: <065c01c0e0a0$cb1f7700$931576d8@inethouston.net> From: "David W. Chapman Jr." To: "Hartmann, O." , Cc: References: Subject: Re: SAMBA trouble 2.0.8 ->> 2.2.0 Date: Sat, 19 May 2001 15:17:57 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > Dear Sirs. > > Well, I know this is not subject of FreeBSD, but hope someone has done > several upgrades and stepped over the same problem. > > Due the problem with the security whole in SAMBA 2.0.8 I decided to come up > with SAMBA 2.2.0 and took the whole configuration over with minor > corrections. Samba 2.0.9 resides in /usr/ports/net/samba if you cvsup your ports. > We use here several FreeBSD-UNIX based shares for Windows clients. One > of them is "SCRATCH" as an example. It should be accessible only by those > who are in the SAMBA and/or UNIX passowrd file/passwd system. I realized > this prior by putting a line 'valid users = %U' into smb.conf. But this does not > work anymore in SAMBA 2.2.0. User authentication by 'homes' still works as > expected, but all other shares based on a common use basis do not :-( I think this is a known bug in 2.2.0 that should be fixed in 2.2.1 > If I remove this user's specification in smb.conf other users in the > domain (we use a harsh kind of 'melting pot' of several domains here, > domains differented by names, but not by IP address space ... idiots at > work ...) could access the share. > > FreeBSD assigns unluckily all users the same group ID as this is identical > to their UID. This is a security benefit - but in some cases this could be a > disadvantage, like SAMBA. give samba 2.0.9 a shot. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message