Re: [stunnel-users] Trouble wrapping samba SWAT...
On Mon, 2014-06-16 12:53:36 +0200, Marco Gaiarin wrote:
[..]
and in /etc/stunnel/swat.conf.inetd:
cert = /etc/ssl/certs/LNFFVGNobel.pem key = /etc/ssl/private/LNFFVGNobel.pem CAfile = /etc/ssl/certs/LNFFVG.pem
service = swat exec = /usr/sbin/swat execargs = swat -P
[..]
the only thing i suppose is that for some reason stunnel4, run by root in inetd, then switch to an unprivileged user before running swat, preventing access to /var/lib/samba/secrets.tdb .
Marco, I don't think stunnel changes the user ID without a 'setuid = ' statement in the configuration file (as it does not know which user ID to switch to). Are you sure, swat isn't changing the user ID? Does it work without being wrapped by stunnel? Ludolf -- Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:lholzheid@bihl-wiedemann.de http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796
Mandi! Ludolf Holzheid In chel di` si favelave...
Does it work without being wrapped by stunnel?
Argh! Sometimes simple things to do slip away... effectively is a swat trouble, and knowing that lead me to correct keyword: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729 https://bugzilla.samba.org/show_bug.cgi?id=9668 Sorry for supposing it was a stunnel trouble, and thanks to all. -- dott. Marco Gaiarin GNUPG Key ID: 240A3D66 Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/ Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN) marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797 Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA! http://www.lanostrafamiglia.it/chi_siamo/5xmille.php (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
participants (2)
-
Ludolf Holzheid -
Marco Gaiarin