Trust Accounts in 2.2.x (Was Re: Fwd: Re: [squid-users] winbind authentication, mystical ?)

From: Jerry Murdock <jmurdock@dont-contact.us>
Date: Tue, 9 Jul 2002 05:10:43 -0400

----- Original Message -----
From: "Andrew Bartlett" <abartlet@samba.org>
To: "Jerry Murdock" <jmurdock@itraktech.com>
Cc: "Andrew Bartlett" <abartlet@samba.org>; "Squid-Dev (E-mail)"
<squid-dev@squid-cache.org>; "Henrik Nordstrom" <hno@squid-cache.org>
Sent: Sunday, July 07, 2002 12:42 AM
Subject: Re: Fwd: Re: [squid-users] winbind authentication, mystical ?

> Jerry Murdock wrote:

> > If so, and the user didn't want to run smbd, would you foresee any
> > problems with a cron script to load smbd, login, logout, kill smbd?
>
> Only that you would have to trigger the timeout processing... Yes this
> is silly.
>
And tricky. I'm reliably doing it now, but it is very ugly.

Just about any smbclient session will trigger a call to timeout_processing
upon ending the connection, but timeout processing bails out at "if
(smb_read_error == READ_EOF)."

The second call to timeout_processing is commented:
  * Ensure we do timeout processing if the SMB we just got was
  * only an echo request.
I haven't looked at exactly what an SMB echo request is, but this has not
been triggered in the testing I've done.

The third instance is every 200 requests. This fires consistently and the
following snippet appears to cause a trust account password change
consistently:

==>>
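#!/usr/bin/perl -w
# Push more than 200 requests through one smbclient session so that
# smbd's every-200-requests call to timeout_processing fires.
system("smbd -i &"); # remove if smbd normally running
sleep 2;
# Four backslashes here reach smbclient as a single domain\user separator.
open (PIPE, "| smbclient //127.0.0.1/fredsdir -U mydomain\\\\myuser%mypass")
    or die "cannot start smbclient: $!";
select PIPE;
$|=1; # unbuffered, so each command is sent as soon as it is printed
for ($i = 1; $i < 205; $i++) {
    print "mkdir dummydir\n";
    sleep 1;
}
print "rmdir dummydir\n";
print "exit\n";
select STDOUT;
close PIPE; # wait for smbclient to finish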
<<==

This obeys "machine password timeout" as set in smbd.conf, which means it
resets the pw only if the timeout has expired.

Yes it's horrid, but it's workable.

It at least provides an option for an unpatched samba 2.2.x.

> Probably the best advice is to prepare a patch that simply does what the
> 'net rpc changetrustpw' does in HEAD.
>

Attached is a diff to smbpasswd to add domain trust account pw changing,
syntax is:

smbpasswd -t mydomain -r mypdc

Jerry

Received on Tue Jul 09 2002 - 03:11:59 MDT
