From owner-freebsd-ports Sat May 19 13:40:39 2001 Delivered-To: freebsd-ports@freebsd.org Received: from klima.physik.uni-mainz.de (klima.Physik.Uni-Mainz.DE [134.93.180.162]) by hub.freebsd.org (Postfix) with ESMTP id 4F69137B422; Sat, 19 May 2001 13:40:32 -0700 (PDT) (envelope-from ohartman@klima.physik.uni-mainz.de) Received: from klima.Physik.Uni-Mainz.DE (Sturm@klima.Physik.Uni-Mainz.DE [134.93.180.162]) by klima.physik.uni-mainz.de (8.11.3/8.11.3) with ESMTP id f4JKeSd25675; Sat, 19 May 2001 22:40:28 +0200 (CEST) (envelope-from ohartman@klima.physik.uni-mainz.de) Date: Sat, 19 May 2001 22:40:28 +0200 (CEST) From: "Hartmann, O." To: "David W. Chapman Jr." Cc: , Subject: Re: SAMBA trouble 2.0.8 ->> 2.2.0 In-Reply-To: <065c01c0e0a0$cb1f7700$931576d8@inethouston.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Sat, 19 May 2001, David W. Chapman Jr. wrote: I did so, changed back to 2.0.9 and things work as expected! I do not understand why SAMBA team recommend using 2.2.0 with this serious bug (this bug makes samba within our environment useless ...). I think using the tag 'valid users = %U' is a very common way to limit access to shares only to those are registered on the local machine ... :>> Dear Sirs. :>> :>> Well, I know this is not subject of FreeBSD, but hope someone has done :>> several upgrades and stepped over the same problem. :>> :>> Due the problem with the security whole in SAMBA 2.0.8 I decided to come :>up :>> with SAMBA 2.2.0 and took the whole configuration over with minor :>> corrections. :>Samba 2.0.9 resides in /usr/ports/net/samba if you cvsup your ports. :> :> :>> We use here several FreeBSD-UNIX based shares for Windows clients. One :>> of them is "SCRATCH" as an example. It should be accessible only by those :>> who are in the SAMBA and/or UNIX passowrd file/passwd system. I realized :>> this prior by putting a line 'valid users = %U' into smb.conf. But this :>does not :>> work anymore in SAMBA 2.2.0. User authentication by 'homes' still works as :>> expected, but all other shares based on a common use basis do not :-( :> :>I think this is a known bug in 2.2.0 that should be fixed in 2.2.1 :> :>> If I remove this user's specification in smb.conf other users in the :>> domain (we use a harsh kind of 'melting pot' of several domains here, :>> domains differented by names, but not by IP address space ... idiots at :>> work ...) could access the share. :>> :>> FreeBSD assigns unluckily all users the same group ID as this is identical :>> to their UID. This is a security benefit - but in some cases this could be :>a :>> disadvantage, like SAMBA. :> :>give samba 2.0.9 a shot. :> :> -- MfG O. Hartmann ohartman@klima.physik.uni-mainz.de ---------------------------------------------------------------- IT-Administration des Institut fuer Physik der Atmosphaere (IPA) ---------------------------------------------------------------- Johannes Gutenberg Universitaet Mainz Becherweg 21 55099 Mainz Tel: +496131/3924662 (Maschinensaal) Tel: +496131/3924144 FAX: +496131/3923532 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message