From owner-freebsd-questions Sat May 19 13:12:30 2001 Delivered-To: freebsd-questions@freebsd.org Received: from klima.physik.uni-mainz.de (klima.Physik.Uni-Mainz.DE [134.93.180.162]) by hub.freebsd.org (Postfix) with ESMTP id 9CBFD37B43E; Sat, 19 May 2001 13:12:21 -0700 (PDT) (envelope-from ohartman@klima.physik.uni-mainz.de) Received: from klima.Physik.Uni-Mainz.DE (Sturm@klima.Physik.Uni-Mainz.DE [134.93.180.162]) by klima.physik.uni-mainz.de (8.11.3/8.11.3) with ESMTP id f4JKCKd05260; Sat, 19 May 2001 22:12:20 +0200 (CEST) (envelope-from ohartman@klima.physik.uni-mainz.de) Date: Sat, 19 May 2001 22:12:20 +0200 (CEST) From: "Hartmann, O." To: Cc: Subject: SAMBA trouble 2.0.8 ->> 2.2.0 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Dear Sirs. Well, I know this is not subject of FreeBSD, but hope someone has done several upgrades and stepped over the same problem. Due the problem with the security whole in SAMBA 2.0.8 I decided to come up with SAMBA 2.2.0 and took the whole configuration over with minor corrections. We use here several FreeBSD-UNIX based shares for Windows clients. One of them is "SCRATCH" as an example. It should be accessible only by those who are in the SAMBA and/or UNIX passowrd file/passwd system. I realized this prior by putting a line 'valid users = %U' into smb.conf. But this does not work anymore in SAMBA 2.2.0. User authentication by 'homes' still works as expected, but all other shares based on a common use basis do not :-( If I remove this user's specification in smb.conf other users in the domain (we use a harsh kind of 'melting pot' of several domains here, domains differented by names, but not by IP address space ... idiots at work ...) could access the share. FreeBSD assigns unluckily all users the same group ID as this is identical to their UID. This is a security benefit - but in some cases this could be a disadvantage, like SAMBA. Does anyone has a solution for this problem? -- MfG O. Hartmann ohartman@klima.physik.uni-mainz.de ---------------------------------------------------------------- IT-Administration des Institut fuer Physik der Atmosphaere (IPA) ---------------------------------------------------------------- Johannes Gutenberg Universitaet Mainz Becherweg 21 55099 Mainz Tel: +496131/3924662 (Maschinensaal) Tel: +496131/3924144 FAX: +496131/3923532 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message