[Samba] Compiling samba on Solaris 8 --with-ads
Hello, I'm trying to Compile Samba with ADS support on Solaris 8. I have installed without any problems: /opt/cifs/bdb - .bdb-4.2.52 /opt/cifs/heimdal - .heimdal-0.6.3 /opt/cifs/openldap - .openldap-2.1.25 /opt/cifs/openssl - .openssl-0.9.7e /opt/cifs/samba - .samba-3.0.9 and I'm configuring samba with: LDFLAGS=-L/opt/cifs/openldap/lib -L/opt/cifs/heimdal/lib export LDFLAGS CPPFLAGS=-I/opt/cifs/openldap/include -I/opt/cifs/heimdal/include export CPPFLAGS ./configure \ --prefix=/opt/cifs/.samba-3.0.9 \ --with-krb5=/opt/cifs/heimdal \ --with-ads but I'm getting the following error message von the configure script: ... checking for krb5_c_enctype_compare... no checking for krb5_enctypes_compatible_keys... no checking for krb5_encrypt_block type... no checking for addrtype in krb5_address... no checking for addr_type in krb5_address... yes checking for enc_part2 in krb5_ticket... no checking for keyblock in krb5_creds... no checking for session in krb5_creds... yes checking for keyvalue in krb5_keyblock... yes checking for ENCTYPE_ARCFOUR_HMAC_MD5... yes checking for KEYTYPE_ARCFOUR_56... yes checking for AP_OPTS_USE_SUBKEY... yes checking for KV5M_KEYTAB... no checking for the krb5_princ_component macro... no checking for key in krb5_keytab_entry... no checking for keyblock in krb5_keytab_entry... yes configure: error: libkrb5 is needed for Active Directory support Can anyone help? Thanks in Advance! Imed -- GMX ProMail mit bestem Virenschutz http://www.gmx.net/de/go/mail +++ Empfehlung der Redaktion +++ Internet Professionell 10/04 +++ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login password to SWAT
Hello, Can anyone tell me which password swat uses to login users, is it the system password or the Samba password (Samba password and system pasword are different!). I couldn't find this information in the man pages of swat! Thanks in advance! Imed -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 2.2.5 Security Bug?
Hi Jerry Thanks for the answer! UNIX does not prevent you from setting an empty password. Maybe you PAM stack does. With UNIX I meant Solrais 2.x (default), I don't know exactly how it is for linux (I suppose it's similiar) - man passwd: SunOS 5.8 Last change: 21 Oct 19991 User Commands passwd(1) Passwords must be constructed to meet the following require- ments: o Each password must have PASSLENGTH characters, where PASSLENGTH is defined in /etc/default/passwd and is set to 6. Only the first eight characters are signifi- cant. o Each password must contain at least two alphabetic characters and at least one numeric or special charac- ter. In this case, alphabetic refers to all upper or lower case letters. Try using pam_smbpass.so and the pam_crack.so library for controlling password strength. Thanks for the tip, I'll do it, pitty that Samba dosen't do it out of the box. Samba just gives you the bullet. If you shoot yourself in the foot, we can't stop that If you want, modify smbpasswd so that if ( !lp_null_passwords() !strlen(new_passwd) ) fail; The bullet is ok for root but not for the normal users, or do your users have the root password in your environment? I'll try to change the code too, but it's not Samba standard anymore! As of this moment, we are not planning on changing the current behavior. That's really pitty! Anyway can you please tell me why did the attitude of smbpasswd change between the versions before and after 2.0 (just concerning the empty string not the whole concept)? Is that not a sort of a downgrade? Thanks for the discussion! Regards, Imed -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.5 Security Bug?
Hi Jerry Thanks for the answer! Of the top of my head i would say that \n is not being recognized as NO PASSWORDX. Check the smbpasswd file. I can see this attitude on all Solaris Server using samba 2.0, with different installations. In the smbpasswd file there is no NO PASSWORDX for the specified user, see bleow: ben:781:AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0:[UX ]:LCT-3DA3119B: What does that mean now (\n is not being recognized as...)? Is the smbpasswd binay buggy, or am I doing something wrong? Thanks in Advance! Imed -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 2.2.5 Security Bug?
Hi there, No password is different from the password (an empty password). is actually hashed as an empty string and is a valid password, NO PASSWORD is treated differently. That not very consistent! With SWAT it's not possible for the user user to set an empty password, this is Unix like. No password is just allowed for root, that's ok, because it's under root's control. An empty password is possible for all user and this really bad, because you don't have any control on the user passwords, even not in the smb.conf file! In addition, with the old samba versions 2.0 it wasn't possible even for root to set an empty password! Is there any cogent reason, why should (an empty password) now be a valid password? Thanks for hints! regards, Imed -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.5 Security Bug?
Hello Does anyone know why normal users can set a blank samba password with the smbpasswd kommand by inserting CR twice after inserting the old passwd: ben@amo:% /opt/samba/bin/smbpasswd Old SMB password:oldpasswd New SMB password:CR Retype new SMB password:CR Password changed for user ben After that the user can map the samba shares with a blank password even if: null passwords = No and guest ok = No in the smb.conf Thanks in advance Imed -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba