I have a externally firewalled server running OS X Server, on which I have compiled samba 2.2.5 with ldapsam using the Makefile for samba on the Apple Public CVS servers (attached), since the version of Samba that comes with OS X Server does not have ldap support compiled in (Which I need to use Samba as a PDC that authenticates against the builtin ldap server).
The ONLY changes I made to get samba to compile were to remove an unnecessary LDFLAGS=-lresolv in the configure generated Makefile (only relevant for 2.2.5, fixed by 2.2.8), and adding --with-ldapsam and a --disable-cups to the configure options in the Apple Makefile.
Upon hearing of the recent security advisory and recommended update to 2.2.8 (and receiving and having to reinstall samba 2.2.5 on top of more recent apple software updates), I downloaded 2.2.8 and compiled using the exact same methodology as with 2.2.5:
extract 2.2.8 copy the Apple Makefile to the top directory of the samba source tree run make
Problem:
Samba 2.2.8 successfully compiles, but when used to share a filesystem, consistently has a "PANIC: failed to set gid" right after it gets through successfully authenticating the password to the ldap server.
Thinking that perhaps this was a problem with my compiler setup (or some problem that has exhibited itself through the various OS updates that have come out since I first installed 10.2) I recompiled 2.2.5. 2.2.5 works just fine.
I also pulled SAMBA_2_2 from cvs, and had the same problem. I have not backtracked through CVS to find the exact date of failure, but if necessary, I can do so to track down the problem. Any assistance with tracking down this problem would be appreciated.
Any other useful data and logs can be made available upon request.
Sincerely Satadru Pramanik Systems Administrator Intercooperative Council at the University of Michigan
Details:
All of the following output is from trying to open a connection to the same share on the server.
Smbd log output at point of failure in 2.2.8
[2003/03/30 14:28:45, 2] passdb/pdb_ldap.c:get_single_attribute(441) get_single_attribute: [acctFlags] = [[U ]] [2003/03/30 14:28:45, 0] lib/util_sec.c:assert_gid(111) Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0) [2003/03/30 14:28:45, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid
[2003/03/30 14:28:55, 2] smbd/reply.c:reply_special(91)
This as opposed to that of a working 2.2.5 at the exact same point:
[2003/03/30 14:42:30, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [acctFlags] = [[U ]] [2003/03/30 14:42:30, 2] smbd/open.c:open_file(230) satadru opened file startup.cmd read=Yes write=No (numopen=2) [2003/03/30 14:42:30, 2] smbd/open.c:open_file(230) satadru opened file startup.cmd read=Yes write=No (numopen=3) [2003/03/30 14:42:30, 2] smbd/close.c:close_normal_file(211)
Here is output from running the 2.2.8 smbd -i (with log level of 10):
smb_password_ok: Checking SMB password for user satadru smb_password_ok: challenge received smb_password_ok: Checking NT MD4 password smb_password_ok: NT MD4 password check succeeded lp_servicenumber: couldn't find satadru adding home directory satadru at /Volumes/Data/Home/satadru register_vuid: (1000,1000) satadru satadru ICC guest=0 register_vuid: allocated vuid = 100 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 Failed to set gid privileges to (0,1000) now set to (1000,1000) uid=(0,0) PANIC: failed to set gid
working 2.2.5 output of smbd -i (with log level of 10):
smb_password_ok: Checking SMB password for user satadru smb_password_ok: challenge received smb_password_ok: Checking NT MD4 password smb_password_ok: NT MD4 password check succeeded lp_servicenumber: couldn't find satadru adding home directory satadru at /Volumes/Data/Home/satadru register_vuid: (1000,1000) satadru satadru ICC guest=0 register_vuid: allocated vuid = 101 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 get_current_groups: user is in 3 groups: 1000, 20, 42 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 get_current_groups: user is in 3 groups: 0, 20, 42 uid_to_sid: local 1000 -> <SID HERE> gid_to_sid: local 1000 -> <SID HERE>
(this keeps going as this smbd doesn't panic)
-- [EMAIL PROTECTED] For a successful technology, reality must take precedence over public relations, for nature cannot be fooled. -R. P. Feynman, Personal observations on the reliability of the Shuttle
Makefile
Description: Binary data
