From: Abe Lau on
Hi all again,
seems like there is some strange complications going on.

Now I get a tens of strange warning from logcheck everyday:

localhost smbd[32215]: pam_unix(samba:session): session opened for
user someuser by anotheruser(uid=0)

localhost smbd[32215]: pam_unix(samba:session): session opened for
user user10 by someuser(uid=0)
localhost smbd[32215]: pam_unix(samba:session): session opened for
user user3 by user21(uid=0)
etc.etc...

I could confirm that the user did open a connection at that particular
time, but I am expecting the connection would be opened "by root
(uid=0)" instead of by some restricted user.

However, from my observation, there weren't any security bleach nor
any real problem functionally. Each user is still bounded by his/her
permission granted.

Can I safely ignore those strange log, or is something really going very
wrong?

Thanks for all input,
Abe

On Mon, Jul 12, 2010 at 11:11 PM, Abe Lau
<abelau+samba(a)gmail.com<abelau%2Bsamba(a)gmail.com>
> wrote:

> On Fri, Jul 9, 2010 at 10:43 AM, Abe Lau <abelau+samba(a)gmail.com<abelau%2Bsamba(a)gmail.com>
> > wrote:
>
>> On Fri, Jul 9, 2010 at 8:26 AM, Gaiseric Vandal <
>> gaiseric.vandal(a)gmail.com> wrote:
>>
>>> On 07/08/2010 05:43 PM, Jeremy Allison wrote:
>>>
>>>> On Thu, Jul 08, 2010 at 11:32:32AM +1000, Abe Lau wrote:
>>>>
>>>>
>>>>> Hi,
>>>>> I was having problem with the tdbsam backend in which a particular user
>>>>> got
>>>>> listed twice with pdbedit.
>>>>> (http://www.mail-archive.com/samba(a)lists.samba.org/msg109110.html)
>>>>>
>>>>> Without much hope in fixing it, I am planning to re-generating
>>>>> passdb.tdb on
>>>>> my PDC by:
>>>>> (1)exporting tdbsam to smbpasswd backend
>>>>> (2)delete passdb.tdb
>>>>> (3)re-import smbpasswd to tdbsam backend
>>>>>
>>>>>
>>>> If you do this you lose a lot of the extra
>>>> data that tdbsam stores that smbpasswd does
>>>> not.
>>>>
>>>> Jeremy.
>>>>
>>>>
>>> Does "tdbdump passdb.tbd" show the user listed twice?
>>>
>>> Maybe you can use tdbtool to edit a copy of the file. The man page for
>>> tdbbackup indicates it can check for corruption (but not fix it.)
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>> Yes, it seems to have appeared twice
>>
>> `tdbdump passdb.tdb` gives
>> {
>> key(13) = "RID_000003e9\00"
>> data(5) = "usera\00"
>> }
>> ....................
>> {
>> key(10) = "USER_usera\00"
>> data(180) =
>> "\00\00\00\00\FF\FF\FF\7F\FF\FF\FF\7F\00\00\00\00\B2c6L\00\00\00\00\FF\FF\FF\7F\05\00\00\00nick\00\04\00\00\00ORL\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\01\00\00\00\00\01\00\00\00\00\00\00\00\00\01\00\00\00\00T\04\00\00\01\02\00\00\00\00\00\00\10\00\00\00<\03\0C\8C\98\89\87\DC+\CE\0Ax)JP\01\00\00\00\00\10\00\00\00\A8\00\15\00\00\00
>> \00\00\00\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\FF\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\EC\04\00\00"
>> }
>> ..................
>> {
>> key(13) = "RID_00000454\00"
>> data(5) = "usera\00"
>> }
>>
>> I have tried using tdbbackup -v, but it didn't indicate any corruption. I
>> may try tdbtool on a copy of passdb.db and see how it goes. Thanks for the
>> suggestion.
>>
>
> Just tried using tdbtool and removed one of the duplicated RID key of
> usera. I randomly picked one, because I am really not sure which one is
> correct (or if it even matters). Now, pdbedit does not display 2 duplicated
> entries. I hope that is the solution, and the problem won't come back
> again. will report back in case this leads to other complications.
>
> Just a side note, according to the old man page of tdbtool (
> http://www.samba.org/samba/docs/man/manpages-3/tdbtool.8.html), there is
> an option "check" to verify the integrity of tdb file, but my copy from
> Debian Lenny doesn't have it!
>
> I wonder if there is any other better integrity checking tool for the tdb,
> apart from tdbbackup, which didn't ever report any problem in my case all
> the way anyway!
>
> Thanks all for the help,
> Abe
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba