From owner-freebsd-questions  Sat May 19 13:18: 1 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from leviathan.inethouston.net (216-118-21-146.pdq.net [216.118.21.146])
	by hub.freebsd.org (Postfix) with ESMTP
	id CFE6837B424; Sat, 19 May 2001 13:17:54 -0700 (PDT)
	(envelope-from dwcjr@inethouston.net)
Received: from dwcjr (DWCJR.inethouston.net [216.118.21.147])
	by leviathan.inethouston.net (Postfix) with ESMTP
	id 6FC8110F40F; Sat, 19 May 2001 15:17:57 -0500 (CDT)
Message-ID: <065c01c0e0a0$cb1f7700$931576d8@inethouston.net>
From: "David W. Chapman Jr." <dwcjr@inethouston.net>
To: "Hartmann, O." <ohartman@klima.physik.uni-mainz.de>,
	<freebsd-ports@freebsd.org>
Cc: <freebsd-questions@freebsd.org>
References: <Pine.BSF.4.33.0105192204100.770-100000@klima.physik.uni-mainz.de>
Subject: Re: SAMBA trouble 2.0.8 ->> 2.2.0
Date: Sat, 19 May 2001 15:17:57 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> Dear Sirs.
>
> Well, I know this is not subject of FreeBSD, but  hope someone has done
> several upgrades and stepped over the same problem.
>
> Due the problem with the security whole in SAMBA 2.0.8 I decided to come
up
> with SAMBA 2.2.0 and took the whole configuration over with minor
> corrections.
Samba 2.0.9 resides in /usr/ports/net/samba if you cvsup your ports.


> We use here several FreeBSD-UNIX based shares for Windows clients. One
> of them is "SCRATCH" as an example. It should be accessible only by those
> who are in the SAMBA and/or UNIX passowrd file/passwd system. I realized
> this prior by putting a line 'valid users = %U' into smb.conf. But this
does not
> work anymore in SAMBA 2.2.0. User authentication by 'homes' still works as
> expected, but all other shares based on a common use basis do not :-(

I think this is a known bug in 2.2.0 that should be fixed in 2.2.1

> If I remove this user's specification in smb.conf other users in the
> domain (we use a harsh kind of 'melting pot' of several domains here,
> domains differented by names, but not by IP address space ... idiots at
> work ...) could access the share.
>
> FreeBSD assigns unluckily all users the same group ID as this is identical
> to their UID. This is a security benefit - but in some cases this could be
a
> disadvantage, like SAMBA.

give samba 2.0.9 a shot.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message