[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#718865: Update and minimize /etc/samba/smbldap-machineadd-gosa



Hi Wolfgang, Arne,

On So 11 Aug 2013 14:04:26 CEST Wolfgang Schweer wrote:

On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote:
[Wolfgang Schweer]
> Using a normal user account, the failure message is:
>
> "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is
> reproducible.

I get this too when I provide the password.  But when I just press
[enter] on the password prompt, I am logged in and can see my files.
I guess Kerberos login work, while password check do not.

Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you
immediatly into a smb shell.

I noticed a really scaring thing:
Logged in as a student using a teacher's uid with the above command, I'm
able to get/put/rename/delete files and dirs, cause I seem to get the
smb shell under that uid. Something seems to be misconfigured.

Can someone try to reproduce this behaviour?

Reproducible here, as well.

On the other hand (with the correct password entered):

"""
ldapadmin@tjener:~$ smbclient -L tjener -U mg
WARNING: The "null passwords" option is deprecated
WARNING: The "use spnego" option is deprecated
Enter mg's password:
session setup failed: NT_STATUS_LOGON_FAILURE
ldapadmin@tjener:~$
"""

With this in the log file

"""
ldapadmin@tjener:~$ sudo tail -f /var/log/samba/log.tjener
Password:
[2013/08/12 17:57:38.669988, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:57:41.705334, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:57:44.155758, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 17:59:23.792979, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.
[2013/08/12 18:10:10.901732, 0] passdb/passdb.c:2247(pdb_increment_bad_password_count)
  pdb_increment_bad_password_count: pdb_get_account_policy failed.
"""

Further more, I miss some policy entries in the sambaDomainName=SKOLELINUX object (like described here [1]):

# SAMBADOM, sambadom.local
dn: sambaDomainName=SAMBADOM,dc=sambadom,dc=local
sambaDomainName: SAMBADOM
sambaSID: S-1-5-21-1179644376-2526199691-xxxxxxxxxx
sambaAlgorithmicRidBase: 1000
objectClass: sambaDomain
sambaNextUserRid: 1000
sambaRefuseMachinePwdChange: 0
sambaLockoutDuration: 30
sambaLockoutObservationWindow: 30
sambaLockoutThreshold: 0
sambaMinPwdLength: 7
sambaPwdHistoryLength: 0
sambaLogonToChgPwd: 1
sambaMaxPwdAge: -1
sambaMinPwdAge: 0
sambaForceLogoff: -1
sambaNextRid: 1021

[1] https://lists.samba.org/archive/samba/2011-September/164127.html

Urggghhh...
Mike

--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpiLtVjdk5Y2.pgp
Description: Digitale PGP-Unterschrift


Reply to: