On Mon, 2014-06-16 12:53:36 +0200, Marco Gaiarin wrote:
[..]
and in /etc/stunnel/swat.conf.inetd:
cert = /etc/ssl/certs/LNFFVGNobel.pem key = /etc/ssl/private/LNFFVGNobel.pem CAfile = /etc/ssl/certs/LNFFVG.pem
service = swat exec = /usr/sbin/swat execargs = swat -P
[..]
the only thing i suppose is that for some reason stunnel4, run by root in inetd, then switch to an unprivileged user before running swat, preventing access to /var/lib/samba/secrets.tdb .
Marco, I don't think stunnel changes the user ID without a 'setuid = ' statement in the configuration file (as it does not know which user ID to switch to). Are you sure, swat isn't changing the user ID? Does it work without being wrapped by stunnel? Ludolf -- Bihl+Wiedemann GmbH Floßwörthstraße 41 68199 Mannheim, Germany Tel: +49 621 33996-0 Fax: +49 621 3392239 mailto:lholzheid@bihl-wiedemann.de http://www.bihl-wiedemann.de Sitz der Gesellschaft: Mannheim Geschäftsführer: Jochen Bihl, Bernhard Wiedemann Amtsgericht Mannheim, HRB 5796