LISTSERV - HP3000-L Archives

HP3000-L Archives

March 1998, Week 5

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L March 1998, Week 5

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Samba/iX question
From:	"Michael D. Hensley" <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Tue, 31 Mar 1998 09:26:33 +0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (46 lines)

> The guest login works, but I can't seem to log in as a user.  I've set up
> the user.map file with the PC id and the corresponding MPE USER.ACCT, but I
> keep getting the message "The password is incorrect. Try again."

"Ooo, ooo!  Mista Kotter, Mista Kotter!" (Waving my hand frantically in the
air!)

Every time I purge SAMBA off my system and test re-installing from the
FREEWARE tape, I have this problem.  I bang my head against the wall for a
few days, then email Lars.  He sends me back a list of trouble-shooting
ideas....

...and it's the same stupid thing every time!  (I'm a *real* slow learner).

You need to add PM to the SAMBA account AND the user MGR.SAMBA.

So why doesn't the install script do this for you?  Well, the idea was to not
create new PM accounts on the system.  That's why there is a SAMBA.SYS group
to hold the program files.

If you only want "guest" access, it works fine.

I'm going to experiment with creating a SAMBA.SYS user for the JNMB and JSMB
jobs to log in as.  I still think the "no new PM accounts" is a good idea.
Stay tuned!

Bonus question: Hey, I thought the only users who needed PM were those who
wanted to add PM capability to a program file?  You certainly don't (and
shouldn't) need PM just to run a PM program.  What gives?

Short answer: I don't know.  I haven't looked at the code, or discussed this
with Lars yet.  But, remember, MGR.SAMBA needs to look up *anyone's*
password.  A PM program (SMBD) can do this, but if anyone on the system
can run the program, then anyone on the system can use it to make guesses at
the MANAGER.SYS password.  The normal way would be to have the program check
and see if the user running it (MGR.SAMBA) has SM, but if he does, then the
SMBD program could access any file on the system, and it might be
possible for someone to exploit security holes in SAMBA.

It looks like the idea is to allow anyone to run SMBD, but only users with PM
can use it to validate passwords.
---
Michael D. Hensley       | mailto:[log in to unmask]
Allegro Consultants Inc. |
408/252-2330             | Visit scenic http://www.allegro.com

ATOM RSS1 RSS2

RAVEN.UTC.EDU