[Samba] Client Uses Impostor DC
Ben Cundiff
bcundiff at xes-inc.com
Thu Jul 24 11:13:46 MDT 2014
Hi,
We have two domain controllers running Ubuntu 12.04 and Samba 4.0.6-Debian. The other day, we had a user set up a Windows Server 2012 computer on our development network for testing. This user chose to set up his Windows server as DC, DHCP server, DNS server, and more, for a new domain that he gave the same name as our production domain (let's say both domains are named "domain.com"). Windows 7 clients on the development network correctly recognized that there was no trust relationship between the impostor DC and the workstations, and consequently fell back to using the appropriate/legitimate domain.com DCs. However, one Linux client running Ubuntu 10.04 and Samba 3.4.7 configured to use domain.com now attempted to use the fake domain.com DC to authenticate, despite not being able to join the fake domain.com domain. Once the Windows server was taken offline and clients' winbind service restarted, these Linux clients returned to successfully authenticating against the correct domain controllers.
Is this a known issue? Are there any preventative measures we could take with either the Ubuntu 10.04/Samba 3.4.7 client or with the DCs to prevent this issue from happening again if a counterfeit DC were ever to be placed on our network again?
Thanks,
Ben Cundiff
Associate Sysadmin
X-ES Inc.
bcundiff at xes-inc.com