On Tue, Jul 24, 2007 at 02:11:01PM +0800, Joe C. K. Yau wrote:
> I have finally get it working, without knowing exactly why what I did
> before didn't work. It seems to be a configuration problem, which
> fuzzles me a lot. Basically, my config is as follows:
> <=========================v=v=v= Config =v=v=v=========================>
> 1>> [global]
> 2>> workgroup = AlwaysBIG
> 3>> encrypt passwords = false
> 4>> root preexec = /bin/echo %T: CONNECT: service:%S path:%P by [EMAIL
> PROTECTED] >> /var/log/samba/log.connection
> 5>> root postexec = /bin/echo %T: DISCONNECT: service:%S path:%P by
> [EMAIL PROTECTED] >> /var/log/samba/log.connection
> 6>>
> 7>> [homes]
> 8>> comment = Home Directories
> 9>> browseable = no
> 10>> writable = yes
> 11>> create mask = 0700
> 12>> directory mask = 0700
> 13>> valid users = %S
> <=========================^=^=^= Config =^=^=^=========================>
> The situation is like this: I have winbindd running, and I have a
> smb.conf like the above. If I keep line 13 ("valid users = %S"),
> I wouldn't be able to connect to my home directory. But if I comment
> it out, it will just work fine. Please note that I am using plaintext
> password here. Is that the cause??
I'm not sure why plaintext passwords should affect the use of 'valid users =
%S'; that should not change how the username is resolved.
But why do you have winbind running on a system where you're trying to use
plaintext passwords? Or put differently, why are you using plaintext
passwords on a system that has winbind?
winbind is for NT domain integration. If you have an NT domain, you
shouldn't need to resort to plaintext passwords; and indeed, I would expect
that 'encrypt passwords = false' would cause problems for the domain
operation.
> Please also note that line 4 and 5 above are just for some extra
> logging. I had this in my configuration with older version of
> Samba and it worked fine. But now, nothing is logged down.
> Any clue??
Recent versions of samba fixed a security hole in the parsing of
preexec/postexec commands by trimming all shell special characters. I
believe this includes '>'. You would need to create a short script to
handle the redirection to the named logfile.
> Also, whenever, I do "wbinfo -t", I get the following error message
> (with or without the "valid users" line in smb.conf):
> checking the trust secret via RPC calls failed
> error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
> Could not check secret
So you have joined your samba system to a domain? Your smb.conf above
doesn't reflect that.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
