Luke Kenneth Casson Leighton
lkcl at regent.push.net
Tue May 5 10:25:46 GMT 1998
On Mon, 4 May 1998, Celso Kopp Webber wrote:
> Hi all!
> I'm currently running the last sources from the samba CVS tree, and
> it works
> very well.
> I've heard recently that NT had a weakness because it accepted the
> so called
> 'null sessions', so that one machine could administer another NT
> remotely, without
> providing a username and password. I found a small program on Internet,
> QTIP, that can query any NT machine and get many useful information from
> such as a list of users, list of shares, information about a user (for
> instance, user
> cannot change password). I've tested this program against one NT4 server
> my administration, accross the Internet, and it worked! The bad part is
> it worked against SAMBA NTDOM too!
> Am I mistaked? Does this really constitute a security hole that
> samba is
you are absolutely correct :-)
> I've heard also that NT4 with SP3 can, if the administrator
> be setup on the registry to not accept 'null sessions'. Wouldn't it be
> interesting to
> samba do the same?
> Thanks in advance, and sorry if I'm saying any nonsense.
you are not speaking nonsense.
dana, can you add this one to the TODO list, at the top :-)
More information about the samba-ntdom