1460 – Critical Problems with authentification!

Bug 1460 - Critical Problems with authentification!

Summary: Critical Problems with authentification!

Status:	CLOSED FIXED

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	Domain Control (show other bugs)
Version:	3.0.4
Hardware:	All All

Importance:	P3 normal
Target Milestone:	none
Assignee:	Gerald (Jerry) Carter (dead mail address)
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-06-14 02:00 UTC by Bartlomiej Solarz-Niesluchowski
Modified:	2005-08-24 10:17 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bartlomiej Solarz-Niesluchowski 2004-06-14 02:00:42 UTC

Good morning!

I suspect that I found critical bug in authentification module....

I am senior system administrator of the WSISiZ network. We have a lot of 
servers with samba. On our main server sit samba 2.2.9 with LDAP based tree of 
users. Samba on main serwer is domain controler. On our different serwers sit 
samba 3.0.x with role DOMAIN_MEMBER.

I have problems with authentification after changing versions od SAMBA from 
3.0.2 to 3.0.4 (3.0.5pre1 tested too).

On server direct i have a smbusers file like:
!solarz = solarz
nobody = *

in smb.conf i have:
        workgroup = WSISIZ.EDU.PL
        security = DOMAIN
        username map = /etc/samba/smbusers

[admin]
        path = /home/ftp
        valid users = admin, solarz
        force user = admin
        force group = admin
        read only = No

ON samba 3.0.2 I can mount this share on 3.0.5 I cannot do this.... - I think 
this has to be problem with force user or smbusers file.

HERE is diff in log files in critical section:

samba 3.0.2 (FC1):
[2004/06/14 10:40:08, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 3] smbd/uid.c:push_conn_ctx(287)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(459)
  smb_pam_start: PAM: Init user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(476)
  smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(485)
  smb_pam_start: PAM: setting tty
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_start(493)
  smb_pam_start: PAM: Init passed for user: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(551)
  smb_pam_account: PAM: Account Management for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_account(570)
  smb_pam_account: PAM: Account OK for User: solarz
[2004/06/14 10:40:08, 4] auth/pampass.c:smb_pam_end(440)
  smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:40:08, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:40:08, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password:  PAM Account for user [solarz] succeeded
[2004/06/14 10:40:08, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [solarz] -> [solarz] -> 
[solarz] succeeded

samba 3.0.5pre1:
[2004/06/14 10:38:06, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: winbind authentication for user [solarz] succeeded
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 3] smbd/uid.c:push_conn_ctx(357)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(459)
  smb_pam_start: PAM: Init user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(476)
  smb_pam_start: PAM: setting rhost to: 213.135.45.243
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(485)
  smb_pam_start: PAM: setting tty
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_start(493)
  smb_pam_start: PAM: Init passed for user: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(551)
  smb_pam_account: PAM: Account Management for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_account(570)
  smb_pam_account: PAM: Account OK for User: nobody
[2004/06/14 10:38:06, 4] auth/pampass.c:smb_pam_end(440)
  smb_pam_end: PAM: PAM_END OK.
[2004/06/14 10:38:06, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/06/14 10:38:06, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password:  PAM Account for user [nobody] succeeded
[2004/06/14 10:38:06, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [solarz] -> [solarz] -> 
[nobody] succeeded

Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-02-08 07:39:11 UTC

please retest against 3.0.11 and let me know if the issue still exists.

Comment 2 Gerald (Jerry) Carter (dead mail address) 2005-02-09 09:06:30 UTC

closing

Comment 3 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:17:34 UTC

sorry for the same, cleaning up the database to prevent unecessary reopens of bugs.