Package: swat
Version: 2:3.6.6-5
Severity: important
Hi,
At some point in the last month server password management using Swat has
stopped working. Swat can be logged into and the old and new server passwords
entered, but choosing "Change Password" appears to just reload the page
without changing anything. Entering the wrong old password or mismatching
new passwords does the same thing.
The only relevant logging I can find is in /var/log/samba/log. which has
recently started getting lots of lines like this when Swat is used:
[2013/02/16 15:02:30.297508, 0] passdb/secrets.c:76(secrets_init)
Failed to open /var/lib/samba/secrets.tdb
# ls -l /var/lib/samba/secrets.tdb
-rw------- 1 root root 430080 Aug 24 23:30 /var/lib/samba/secrets.tdb
24 August is the date I first installed Samba.
Swat is running through stunnel, which has always occasionally logged SSL
errors, but there don't appear to have been any recent changes to stunnel or
its dependancies.
While I don't know the Samba code, it looks at least possible to me that the
problem was introduced by the patch for CVE-2013-0214.
My smb.conf file looks like this:
[global]
workgroup = FUNDAMENTALS
server string = %h server
interfaces = 127.0.0.0/8, bond0
bind interfaces only = Yes
obey pam restrictions = Yes
pam password change = Yes
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
load printers = No
os level = 65
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
invalid users = root
[Service]
comment = Service files
path = /srv/smb/service
read only = No
create mask = 0775
force create mode = 0664
directory mask = 0770
force directory mode = 0770
oplocks = No
level2 oplocks = No
There are several other similar share definitions.
Apart from the security update, the only other recent changes I can think of
are adding the "level2 oplocks = No" parameter, but I can't imagine that
affecting Swat, and I briefly tried "max protocol = SMB2" but reverted that
when it appeared to negatively impact reliability in Windows.
As my only use of Swat is to allow users to change their passwords, this has
had a major affect on the usability of the package.
Thank you for your assistance,
Roger
-- System Information:
Debian Release: 7.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing-proposed-updates'),
(500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages swat depends on:
ii dpkg 1.16.9
ii libc6 2.13-37
ii libcap2 1:2.22-1.2
ii libcomerr2 1.42.5-1
ii libcups2 1.5.3-2.14
ii libgssapi-krb5-2 1.10.1+dfsg-3
ii libk5crypto3 1.10.1+dfsg-3
ii libkrb5-3 1.10.1+dfsg-3
ii libldap-2.4-2 2.4.31-1
ii libpam0g 1.1.3-7.1
ii libpopt0 1.16-7
ii libtalloc2 2.0.7+git20120207-1
ii libtdb1 1.2.10-2
ii libwbclient0 2:3.6.6-5
ii openbsd-inetd [inet-superserver] 0.20091229-2
ii samba 2:3.6.6-5
ii zlib1g 1:1.2.7.dfsg-13
Versions of packages swat recommends:
ii samba-doc 2:3.6.6-5
swat suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
