[Bug 282751] Re: Winbind package does not provide PAM configuration
** Changed in: samba (Debian) Status: Unknown => Fix Released -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu1 --- samba (2:3.4.7~dfsg-1ubuntu1) lucid; urgency=low * Merge from debian testing. Remaining changes: + debian/patches/VERSION.patch: - set SAMBA_VERSION_SUFFIX to Ubuntu. + debian/smb.conf: - Add "(Samba, Ubuntu)" to server string. - Comment out the default [homes] share, and add a comment about "valid users = %s" to show users how to restrict access to \\server\username to only username. - Set 'usershare allow guests', so that usershare admins are allowed to create public shares in additon to authenticated ones. - add map to guest = Bad user, maps bad username to gues access. + debian/samba-common.conf: - Do not change priority to high if dhclient3 is installed. - Use priority medium instead of high for the workgroup question. + debian/mksambapasswd.awk: - Do not add user with UID less than 1000 to smbpasswd. + debian/control: - Make libswbclient0 replace/conflict with hardy's likewise-open. - Don't build against ctdb, since its not in main yet. + debian/rules: - Enable "native" PIE hardening. - Add BIND_NOW to maximize benefit of RELRO hardening. + Add ufw integration: - Created debian/samba.ufw.profile. - debian/rules, debian/samba.dirs, debian/samba.files: install + Add apport hook: - Created debian/source_samba.py. - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install + debian/control: Recommend keyutils for smbfs (LP: #493565) + debian/patches/ubuntu-gecos-fix.patch: Fix gecos parsing backported from Samba 3.5.x (LP: #182572) + debian/samba.postinst: Avoid scary pdbedit warnings on first import. (LP: #24741) + debian/samba.logrotate: Make it upstart compatible (LP: #529290) + debian/samba-common.dhcp: Fix typo to get a proper parsing in /etc/samba/dhcp. (LP: #507374) + Dropped: debian/patches/debian/patches/security-CVE-2010-0728.patch: Included upstream. samba (2:3.4.7~dfsg-1) unstable; urgency=low [ Steve Langasek ] * Add a PAM profile for pam_winbind. Closes: #566890, LP: #282751. * Add the correct versioned build dependency on libtalloc-dev as we need 2.0.1 to build samba. Closes: #572603 * Add avr32 to arches with a build dependency on ctdb. Closes: #572126 [ Christian Perrier ] * New upstream release. Security fix: all smbd processes inherited CAP_DAC_OVERRIDE capabilities, allowing all file system access to be allowed even when permissions should have denied access. -- Chuck ShortFri, 19 Mar 2010 21:17:40 + ** Changed in: samba (Ubuntu) Status: Triaged => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2010-0728 -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
fixed in debian, please merge 3.4.7 from testing/unstable ** Also affects: samba (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566890 Importance: Unknown Status: Unknown -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
** Branch linked: lp:debian/sid/samba -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
Debian bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566890 Since it's not the Samba project, I don't know how to link to this bug. An alternate, but similar pam-config is discussed at: http://mattonrails.wordpress.com/2008/10/27/vpc-ubuntu-810-beta-and-active-directory/ Name: Active Directory via Winbind Default: yes Priority: 500 Auth-Type: Primary Auth: [success=end default=ignore]pam_winbind.so krb5_auth krb5_ccache_type=FILE try_first_pass Auth-Initial: [success=end default=ignore]pam_winbind.so krb5_auth krb5_ccache_type=FILE Account-Type: Primary Account: [success=end default=ignore]pam_winbind.so Session-Type: Additional Session: requiredpam_mkhomedir.so umask=0022 skel=/etc/skel Drew Daniels Resume: http://www.boxheap.net/~ddaniels/resume.html ** Bug watch added: Debian Bug tracker #566890 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566890 -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
This is successfully tested /usr/share/pam-configs/winbind from http://ubuntuforums.org/showthread.php?t=1184605: Name: Winbind authentication Default: yes Priority: 255 Auth-Type: Primary Auth: [success=end default=ignore]pam_winbind.so krb5_auth krb5_ccache_type=FILE try_first_pass Auth-Initial: [success=end default=ignore]pam_winbind.so krb5_auth krb5_ccache_type=FILE Account-Type: Primary Account: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Account-Initial: [success=end new_authtok_reqd=done default=ignore] pam_winbind.so Session-Type: Additional Session: required pam_mkhomedir.so umask=0022 skel=/etc/skel Session-Initial: required pam_mkhomedir.so umask=0022 skel=/etc/skel -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
Edgar, My opinion is that pam_unix should be tried before pam_winbind. Sending your root password to Active Directory is Not a good idea. The same applies to pam-krb5 if it does that. -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
was able to log in to machine (console and ssh) using AD creds... Now if I can figure out the strange things in the log file ... (doesn't show on other server with slightly older samba but very similar configuration) -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
I tried that file (winbind) that Edgar provided in the /usr/share/pam- configs and it re-wrote the /etc/pam.d/ files -- I have yet to test login to the console from the Windows AD. -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
** Tags added: patch -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
Adapted from krb5 ** Attachment added: "winbind" http://launchpadlibrarian.net/24965981/winbind -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 282751] Re: Winbind package does not provide PAM configuration
Thanks we will take a look at this for jaunty. Regards chuck ** Changed in: samba (Ubuntu) Importance: Undecided => Wishlist Status: New => Triaged -- Winbind package does not provide PAM configuration https://bugs.launchpad.net/bugs/282751 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to samba in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
