Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 9 Nov 2004 06:28:22 GMT
From:      bob frazier <bobf@mrp3.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/73703: Samba 'obey pam restrictions' causes PANIC in Samba 3
Message-ID:  <200411090628.iA96SM6P093555@www.freebsd.org>
Resent-Message-ID: <200411090630.iA96ULDt002752@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         73703
>Category:       ports
>Synopsis:       Samba 'obey pam restrictions' causes PANIC in Samba 3
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 09 06:30:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     bob frazier
>Release:        RELENG_5 (5.3-STABLE #1)
>Organization:
SFT Inc.
>Environment:
FreeBSD BSDServer.SFT.local 5.3-STABLE FreeBSD 5.3-STABLE #1: Tue Oct 26 20:13:16 PDT 2004     root@:/usr/obj/usr/src/sys/GENERIC  i386

>Description:
When attempting to use the latest Samba 3 port (3.0.7), following a portupgrade of all ports (using cvs tag RELEASE_5_3_0), I noticed that all users that had a login without a blank password were unable to list or access any shares.  Blank password users (such as a 'guest' type user without a password) worked ok.  Domain logins still worked properly.  Only access to the shares was affected.  When I commented out the "obey pam restrictions = yes" line in smb.conf, the problem went away.  Rebuilding the port via portupgrade -f (as well as 'make deinstall' / 'make reinstall'), restoring tdb's from backup, etc. had no effect.
>How-To-Repeat:
using FBSD RELENG_5, Samba 3.0.7 and latest ports
a) set up Samba 3 as a domain controller
b) add some shares and users
c) add the line "obey pam restrictions = yes" to the global section of smb.conf
d) attempt to list shares without a user (smbclient -U% -L localhost) and with a user (smbclient -U username -L localhost) where 'username' is a valid user with a password (and not 'root').
e) remove the line "obey pam restrictions = yes" from the global section of smb.conf
f) repeat step d.

>Fix:
remove the line "obey pam restrictions = yes" from the global section of smb.conf to work around the problem.

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200411090628.iA96SM6P093555>