[Samba] A possible big security issue

[AndyLiebman at aol.com]

Hi, 

I am using a mix of Samba 3.0.13 and  3.0.20 on Linux (basically, Mandrake 10 
and 10.2). I haven't tested this yet on  the 3.0.20 machines, but on the 
3.0.13 machines I'm seeing something very  disturbing. 

I have set up a number of shares which are accessible only  to members of the 
group "workers". The shares are set to NOT allow guests even  read only 
access. When clicking on the shares in Windows Explore, Samba and/or  Windows will 
prompt the user for a username and password (if the user isn't  logged on to 
his/her Windows workstation with a valid Linux/smb username and  password). 
After supplying a valid username and password, the user can mount the  share as a 
network drive and thereafter all other shares to which he/she has  access.

However, I have just discovered that if I create a *.bat file, I  can run 
"net use" to mount the share simply by supplying a valid username. I am  never 
prompted for a password (I can include the password in the "net use" line  -- 
i.e., 

net use M: \\netbiosname\sharename "password"  /USER:username

But if I simply leave out the "password" the share mounts  all the same. And 
I can read and write to the share. Seems kind of dangerous to  me. 

I know that windows caches lots of usernames and passwords, so I  went to the 
place where Windows stores those things and deleted the listings for  the 
server in question. After completely rebooting the Windows machine, I was  still 
able to log on via "net use" without supplying a password. 

Has  this issue been seen before? 

Andy Liebman