Your message dated Wed, 9 Jan 2008 09:57:12 -0800
with message-id <[EMAIL PROTECTED]>
and subject line [Pkg-samba-maint] Bug#459941: samba: security=share does not 
work any more
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: samba
Version: 3.0.28-1
Severity: normal

This version shows a regression with respect to 3.0.24-6etch9.  Even
version 3.0.26 that I run on Ubuntu does not exhibit this problem.

The problem is that the setting
 security = share
does not work with Microsoft Windows 98 for shares requesting a
password.  Samba keeps saying that the password is wrong.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set 
to C)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser               3.105              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.17             Debian configuration management sy
ii  libacl1               2.2.45-1           Access control list shared library
ii  libattr1              1:2.4.39-1         Extended attribute shared library
ii  libc6                 2.7-5              GNU C Library: Shared libraries
ii  libcomerr2            1.40.3-1           common error description library
ii  libcupsys2            1.3.5-1            Common UNIX Printing System(tm) - 
ii  libgnutls13           2.0.4-1            the GNU TLS library - runtime libr
ii  libkrb53              1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii  libldap2              2.1.30.dfsg-13.5   OpenLDAP libraries
ii  libpam-modules        0.99.7.1-5         Pluggable Authentication Modules f
ii  libpam-runtime        0.99.7.1-5         Runtime support for the PAM librar
ii  libpam0g              0.99.7.1-5         Pluggable Authentication Modules l
ii  libpopt0              1.10-3             lib for parsing cmdline parameters
ii  logrotate             3.7.1-3            Log rotation utility
ii  lsb-base              3.1-24             Linux Standard Base 3.1 init scrip
ii  procps                1:3.2.7-5          /proc file system utilities
ii  samba-common          3.0.28-1           Samba common files used by both th
ii  update-inetd          4.27-0.6           inetd.conf updater
ii  zlib1g                1:1.2.3.3.dfsg-8   compression library - runtime

samba recommends no packages.

-- debconf information:
  samba/tdbsam: false
  samba/generate_smbpasswd: true
  samba/run_mode: daemons

===File /etc/samba/smb.conf=================================
[global]
   workgroup = WNLAB
   server string = %h server
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   socket options = TCP_NODELAY
[homes]
   comment = Home Directories
   browseable = no
   writable = no
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
[global]
   workgroup = WNLAB
   server string = %h server
   dns proxy = no
   log file = /var/log/samba/log.%m
   max log size = 1000
   syslog = 0
   panic action = /usr/share/samba/panic-action %d
   encrypt passwords = true
   passdb backend = tdbsam
   obey pam restrictions = yes
   invalid users = root
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
   socket options = TCP_NODELAY
[homes]
   comment = Home Directories
   browseable = no
   writable = no
   create mask = 0700
   directory mask = 0700
   valid users = %S
[printers]
   comment = All Printers
   browseable = no
   path = /var/spool/samba
   printable = yes
   public = no
   writable = no
   create mode = 0700
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
[global]
   security = share
   guest account = cng
[tmp]
   comment = Temporary directory
   create mask = 0775
   directory mask = 0775
   path = /var/nettmp
   writable = yes
   public = yes
[cng]
   comment = Computer Networks Group
   create mask = 0775
   directory mask = 0775
   delete veto files = yes
   path = /home/cng/pub
   valid users = cng
   writable = yes
============================================================



--- End Message ---
--- Begin Message ---
On Wed, Jan 09, 2008 at 06:49:46PM +0100, Francesco Potorti` wrote:
> Package: samba
> Version: 3.0.28-1
> Severity: normal

> This version shows a regression with respect to 3.0.24-6etch9.  Even
> version 3.0.26 that I run on Ubuntu does not exhibit this problem.

> The problem is that the setting
>  security = share
> does not work with Microsoft Windows 98 for shares requesting a
> password.  Samba keeps saying that the password is wrong.

Documented in NEWS.Debian:

samba (3.0.27a-2) unstable; urgency=low

  * Weak authentication methods are disabled by default

    Beginning with this version, plaintext authentication is disabled for
    clients and lanman authentication is disabled for both clients and
    servers.  Lanman authentication is not needed for Windows
    NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows
    95/98/ME clients (or servers) you may need to set lanman auth (or client
    lanman auth) to yes in your smb.conf.

    The "lanman auth = no" setting will also cause lanman password hashes to
    be deleted from smbpasswd and prevent new ones from being written, so
    that these can't be subjected to brute-force password attacks.  This
    means that re-enabling lanman auth after it has been disabled is more
    difficult; it is therefore advisable that you re-enable the option as
    soon as possible if you think you will need to support Win9x clients.

    Client support for plaintext passwords is not needed for recent Windows
    servers, and in fact this behavior change makes the Samba client behave
    in a manner consistent with all Windows clients later than Windows 98.
    However, if you need to connect to a Samba server that does not have
    encrypted password support enabled, or to another server that does not
    support NTLM authentication, you will need to set
    "client plaintext auth = yes" and "client lanman auth = yes" in smb.conf.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
[EMAIL PROTECTED]                                     [EMAIL PROTECTED]


--- End Message ---

Reply via email to