Your message dated Wed, 9 Jan 2008 09:57:12 -0800
with message-id <[EMAIL PROTECTED]>
and subject line [Pkg-samba-maint] Bug#459941: samba: security=share does not
work any more
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: samba
Version: 3.0.28-1
Severity: normal
This version shows a regression with respect to 3.0.24-6etch9. Even
version 3.0.26 that I run on Ubuntu does not exhibit this problem.
The problem is that the setting
security = share
does not work with Microsoft Windows 98 for shares requesting a
password. Samba keeps saying that the password is wrong.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'testing-proposed-updates')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set
to C)
Shell: /bin/sh linked to /bin/bash
Versions of packages samba depends on:
ii adduser 3.105 add and remove users and groups
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii libacl1 2.2.45-1 Access control list shared library
ii libattr1 1:2.4.39-1 Extended attribute shared library
ii libc6 2.7-5 GNU C Library: Shared libraries
ii libcomerr2 1.40.3-1 common error description library
ii libcupsys2 1.3.5-1 Common UNIX Printing System(tm) -
ii libgnutls13 2.0.4-1 the GNU TLS library - runtime libr
ii libkrb53 1.6.dfsg.3~beta1-2 MIT Kerberos runtime libraries
ii libldap2 2.1.30.dfsg-13.5 OpenLDAP libraries
ii libpam-modules 0.99.7.1-5 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-5 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii procps 1:3.2.7-5 /proc file system utilities
ii samba-common 3.0.28-1 Samba common files used by both th
ii update-inetd 4.27-0.6 inetd.conf updater
ii zlib1g 1:1.2.3.3.dfsg-8 compression library - runtime
samba recommends no packages.
-- debconf information:
samba/tdbsam: false
samba/generate_smbpasswd: true
samba/run_mode: daemons
===File /etc/samba/smb.conf=================================
[global]
workgroup = WNLAB
server string = %h server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
socket options = TCP_NODELAY
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[global]
workgroup = WNLAB
server string = %h server
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
syslog = 0
panic action = /usr/share/samba/panic-action %d
encrypt passwords = true
passdb backend = tdbsam
obey pam restrictions = yes
invalid users = root
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
socket options = TCP_NODELAY
[homes]
comment = Home Directories
browseable = no
writable = no
create mask = 0700
directory mask = 0700
valid users = %S
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
public = no
writable = no
create mode = 0700
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
[global]
security = share
guest account = cng
[tmp]
comment = Temporary directory
create mask = 0775
directory mask = 0775
path = /var/nettmp
writable = yes
public = yes
[cng]
comment = Computer Networks Group
create mask = 0775
directory mask = 0775
delete veto files = yes
path = /home/cng/pub
valid users = cng
writable = yes
============================================================
--- End Message ---
--- Begin Message ---
On Wed, Jan 09, 2008 at 06:49:46PM +0100, Francesco Potorti` wrote:
> Package: samba
> Version: 3.0.28-1
> Severity: normal
> This version shows a regression with respect to 3.0.24-6etch9. Even
> version 3.0.26 that I run on Ubuntu does not exhibit this problem.
> The problem is that the setting
> security = share
> does not work with Microsoft Windows 98 for shares requesting a
> password. Samba keeps saying that the password is wrong.
Documented in NEWS.Debian:
samba (3.0.27a-2) unstable; urgency=low
* Weak authentication methods are disabled by default
Beginning with this version, plaintext authentication is disabled for
clients and lanman authentication is disabled for both clients and
servers. Lanman authentication is not needed for Windows
NT/2000/XP/Vista, Mac OS X or Samba, but if you still have Windows
95/98/ME clients (or servers) you may need to set lanman auth (or client
lanman auth) to yes in your smb.conf.
The "lanman auth = no" setting will also cause lanman password hashes to
be deleted from smbpasswd and prevent new ones from being written, so
that these can't be subjected to brute-force password attacks. This
means that re-enabling lanman auth after it has been disabled is more
difficult; it is therefore advisable that you re-enable the option as
soon as possible if you think you will need to support Win9x clients.
Client support for plaintext passwords is not needed for recent Windows
servers, and in fact this behavior change makes the Samba client behave
in a manner consistent with all Windows clients later than Windows 98.
However, if you need to connect to a Samba server that does not have
encrypted password support enabled, or to another server that does not
support NTLM authentication, you will need to set
"client plaintext auth = yes" and "client lanman auth = yes" in smb.conf.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
[EMAIL PROTECTED] [EMAIL PROTECTED]
--- End Message ---