Your message dated Fri, 13 Jan 2006 07:18:08 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Closing with version tracking
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 26 Jul 2005 11:32:49 +0000
>From [EMAIL PROTECTED] Tue Jul 26 04:32:49 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 193.201.107.9.es.colt.net [193.201.107.9]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1DxNg1-0007T3-00; Tue, 26 Jul 2005 04:32:49 -0700
Received: from no.name.available by [193.201.107.9]
via smtpd (for spohr.debian.org [140.211.166.43]) with ESMTP; Tue, 26
Jul 2005 13:59:50 +0200
Received: (qmail 14914 invoked from network); 26 Jul 2005 11:23:49 -0000
Received: from unknown (HELO srv-mail4.ineco.es) ([172.16.14.34])
(envelope-sender <[EMAIL PROTECTED]>)
by ldap.ineco.es (qmail-ldap-1.03) with SMTP
for <[EMAIL PROTECTED]>; 26 Jul 2005 11:23:49 -0000
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-MimeOLE: Produced By Microsoft Exchange V6.0.6603.0
Subject: winbind: Erroneous retrieving/mapping of user secondary groups
Date: Tue, 26 Jul 2005 13:32:15 +0200
Message-ID: <[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Mail delivery failed: returning message to sender
Thread-Index: AcWR1R6NLm7rk1q8SI+VgQTXVU0OQgAADVbw
From: "Abajo Duran, Mario" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: winbind
Version: 3.0.14a-3
Severity: grave
Justification: user security hole
I have found an error in a similar way to the bug 2776 in the samba =
bugzilla
https://bugzilla.samba.org/show_bug.cgi?id=3D2776 i'm configuring a =
samba
server in an ADS domain (not in native mode but with security =3D ADS) =
and
sharing a directory with acl's and found that some privileged users get
access denied when trying to access.
Searching inside the logs i found that samba retrieves different group
id's. Then i try this after seeing the bug in the samba bugzilla:
# wbinfo -r "DOMAIN\my_user"
10001
10002
10022
10023
10024
10025
10026
# id "DOMAIN\my_user"
uid=3D13204(DOMAIN\my_user) gid=3D10002(DOMAIN\group1)
grupos=3D10002(DOMAIN\group2),10022(DOMAIN\group3),10026(DOMAIN\group4),
10001(DOMAIN\group5),10171(DOMAIN\group6),10245(DOMAIN\group7),
10251(DOMAIN\group8),10311(DOMAIN\group9)
As you can see the user groups vary, this also works with "getent
groups" instead of id.
This happens with newly created users, old ones, etc.... and makes a
user have a set of different privileges, i've made a test in other
machine with a clean sarge r0a intalled and updated with the same
results.
smb.conf:
[global]
workgroup =3D DOMAIN
realm =3D DOMAIN.ES
netbios name =3D TEST-SAMBA
server string =3D Esto esta pa'cer pruebas :)
security =3D ADS
passdb backend =3D tdbsam,guest
passwd program =3D /usr/bin/passwd %u
password server =3D server1, server2
passwd chat =3D *Enter\snew\sUNIX\spassword:* %n\n =
*Retype\snew\sUNIX\spassword:* %n\n .
log level =3D 2
syslog =3D 0
os level =3D 65
log file =3D /var/log/samba/log.%m
max log size =3D 1000
smb ports =3D 139 445
ldap ssl =3D start tls
panic action =3D /usr/share/samba/panic-action %d
allow trusted domains =3D no
idmap uid =3D 500-100000000
idmap gid =3D 500-100000000
winbind cache time =3D 600
[prueba]
path =3D /mnt/backup/prueba
writable =3D yes
map acl inherit =3D yes
inherit acls =3D yes
any other information that you need, please tell me
Thanks for all
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=3DISO-8859-15)
Versions of packages winbind depends on:
ii libc6 2.3.2.ds1-22 GNU C Library: Shared =
libraries an
ii libcomerr2 1.37-2sarge1 common error description =
library
ii libkrb53 1.3.6-2sarge1 MIT Kerberos runtime =
libraries
ii libldap2 2.1.30-8 OpenLDAP libraries
ii libpam0g 0.76-22 Pluggable Authentication =
Modules l
ii libpopt0 1.7-5 lib for parsing cmdline =
parameters
---------------------------------------
Received: (at 320010-done) by bugs.debian.org; 13 Jan 2006 06:54:12 +0000
>From [EMAIL PROTECTED] Thu Jan 12 22:54:12 2006
Return-path: <[EMAIL PROTECTED]>
Received: from onera.onera.fr ([144.204.65.4])
by spohr.debian.org with esmtp (Exim 4.50)
id 1ExIp9-0002EY-Nm
for [EMAIL PROTECTED]; Thu, 12 Jan 2006 22:54:12 -0800
Received: from cc-mykerinos.onera (localhost [127.0.0.1])
by onera.onera.fr with ESMTP id k0D6sACN007361
for <[EMAIL PROTECTED]>; Fri, 13 Jan 2006 07:54:10 +0100 (MET)
Received: by cc-mykerinos.onera (Postfix, from userid 1000)
id 8F7BD40B05E; Fri, 13 Jan 2006 07:18:08 +0100 (CET)
Date: Fri, 13 Jan 2006 07:18:08 +0100
From: Christian Perrier <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Closing with version tracking
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.11
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
Version: 3.0.20b-1
This bug was closed in this version of the package (fixed upstream).
--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
