Re: Trust Accounts in 2.2.x (Was Re: Fwd: Re: [squid-users] winbind authentication, mystical ?)

From: Jerry Murdock <jmurdock@dont-contact.us>
Date: Mon, 15 Jul 2002 14:12:34 -0400

CORRECTED smbpasswd patch attached.

Other had a stupid typo in getopt call, would cause a core dump on joining
domain.

Thought I had already fixed it, sorry.

Jerry

----- Original Message -----
From: "Jerry Murdock" <jmurdock@itraktech.com>
To: "Andrew Bartlett" <abartlet@samba.org>
Cc: "Andrew Bartlett" <abartlet@samba.org>; "Squid-Dev (E-mail)"
<squid-dev@squid-cache.org>; "Henrik Nordstrom" <hno@squid-cache.org>
Sent: Tuesday, July 09, 2002 5:10 AM
Subject: Trust Accounts in 2.2.x (Was Re: Fwd: Re: [squid-users] winbind
authentication, mystical ?)

> ----- Original Message -----
> From: "Andrew Bartlett" <abartlet@samba.org>
> To: "Jerry Murdock" <jmurdock@itraktech.com>
> Cc: "Andrew Bartlett" <abartlet@samba.org>; "Squid-Dev (E-mail)"
> <squid-dev@squid-cache.org>; "Henrik Nordstrom" <hno@squid-cache.org>
> Sent: Sunday, July 07, 2002 12:42 AM
> Subject: Re: Fwd: Re: [squid-users] winbind authentication, mystical ?
>
> > Jerry Murdock wrote:
>
> > > If so, and the user didn't want to run smbd, would you foresee any
> > > problems with a cron script to load smbd, login, logout, kill smbd?
> >
> > Only that you would have to trigger the timeout processing... Yes this
> > is silly.
> >
> And tricky. I'm reliably doing it now, but it is very ugly.
>
> Just about any smbclient session will trigger a call to timeout_processing
> upon ending the connection, but timeout processing bails out at "if
> (smb_read_error == READ_EOF)."
>
> The second call to timeout_processing is commented:
> * Ensure we do timeout processing if the SMB we just got was
> * only an echo request.
> I haven't looked at exactly what an SMB echo request is, but this has not
> been triggered in the testing I've done.
>
> The third instance is every 200 requests. This fires consistently and the
> following snippet appears to cause a trust account password change
> consistently:
>
> ==>>
> #!/usr/bin/perl -w
> system("smbd -i &"); #remove if smbd normally running
> sleep 2;
> open (PIPE, "| smbclient //127.0.0.1/fredsdir -U mydomain\\\\myuser%mypass");
> select PIPE;
> $|=1;
> for ($i = 1; $i < 205; $i++) {
> print "mkdir dummydir\n";
> sleep 1;
> }
> print "rmdir dummydir\n";
> print "exit\n";
> <<==
>
> This obeys "machine password timeout" as set in smbd.conf. Which means it
> resets the pw only if the timeout has expired.
>
> Yes it's horrid, but it's workable.
>
> It at least provides an option for an unpatched samba 2.2.x.
>
> > Probably the best advice is to prepare a patch that simply does what the
> > 'net rpc changetrustpw' does in HEAD.
> >
>
> Attached is a diff to smbpasswd to add domain trust account pw changing,
> syntax is:
>
> smbpasswd -t mydomain -r mypdc
>
> Jerry

Received on Mon Jul 15 2002 - 12:12:50 MDT
