On Mon, 2014-06-16 12:53:36 +0200, Marco Gaiarin wrote:
[..]
and in /etc/stunnel/swat.conf.inetd:
cert = /etc/ssl/certs/LNFFVGNobel.pem key = /etc/ssl/private/LNFFVGNobel.pem CAfile = /etc/ssl/certs/LNFFVG.pem
service = swat exec = /usr/sbin/swat execargs = swat -P
[..]
the only thing i suppose is that for some reason stunnel4, run by root in inetd, then switch to an unprivileged user before running swat, preventing access to /var/lib/samba/secrets.tdb .
Marco,
I don't think stunnel changes the user ID without a 'setuid = ' statement in the configuration file (as it does not know which user ID to switch to). Are you sure, swat isn't changing the user ID? Does it work without being wrapped by stunnel?
Ludolf
Mandi! Ludolf Holzheid In chel di` si favelave...
Does it work without being wrapped by stunnel?
Argh! Sometimes simple things to do slip away... effectively is a swat trouble, and knowing that lead me to correct keyword:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 https://bugzilla.samba.org/show_bug.cgi?id=9668
Sorry for supposing it was a stunnel trouble, and thanks to all.
-
Ludolf Holzheid -
Marco Gaiarin