Login to domains
Matthew Enger
menger at dhs.org
Mon May 24 03:59:34 GMT 1999
Hello,
At school we run a Samba server (2.0.4b) providing domain logins
for approx 150 computers, where we are having a problem.
When a student comes to log in, they can bypass the domain
login security by logging in as anyone with any password, as long as the
domain is not the domain controlled by the domain controller.
Anyone know why this is happening and how we can stop it? Does it
have anything to do with Samba? I have enclosed a copy of the Samba config
of our PDC below.
from,
Matthew Enger
menger at dhs.org
# Global parameters
workgroup = KGV
netbios name = !KGV_SERVER1
server string = KGV Intranet Server (kgv.tj)
interfaces = 10.1.0.4/255.255.0.0 152.101.128.2/255.255.255.128
encrypt passwords = Yes
log file = /usr/log/samba/log.%m
log level = 2
max log size = 1000
deadtime = 30
time server = Yes
socket options = TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
logon drive = h:
logon path =
logon script = bat\startup-%m.bat
domain master = Yes
domain logons = Yes
unix realname = Yes
preferred master = Yes
os level = 65
wins support = Yes
create mask = 0755
directory mask = 0755
force create mode = 0755
force directory mode = 0755
veto files = /_borders/_derived/_fpclass/_overlay/_themes/_vti_cnf/_vti_bin/_vti_pvt/_vti_txt/mbox/mail/.htaccess/.mailboxlist/_vti_map/_vti_bot/_share/httpd/
delete veto files = Yes
force user = %U
force group = %U
read only = No
mangle case = Yes
printcap name = /etc/printcap
print command = /usr/bin/lpr -r -P%p %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
queuepause command = /usr/sbin/lpc stop %p
queueresume command = /usr/sbin/lpc start %p
# Share stuffs
[admin1]
comment = Admin Share 1
path = /home1
valid users = @sys
force user = root
force group = root
read only = Yes
[admin2]
comment = Admin Share 2
path = /home2
valid users = @adm
force user = root
force group = root
read only = Yes
[departments]
comment = Departments Share
path = /home1/_share/departments
valid users = @adm
write list = @adm
create mask = 0660
directory mask = 2770
force create mode = 0660
force directory mode = 2770
[public]
comment = Public File Share
path = /home1/_share/public
write list = @adm
create mask = 0664
directory mask = 2775
force create mode = 0664
force directory mode = 2775
[netlogon]
comment = Network Logon Share
path = /usr/local/share/netlogon
guest ok = Yes
write list = @sys
locking = No
oplocks = No
create mask = 0664
directory mask = 2775
force create mode = 0664
force directory mode = 2775
root preexec = /usr/sbin/lg %U %m
[homes]
comment = Homes Share
browseable = No
# Printer stuffs
[Printer1]
comment = Apple LaserWriter Pro 630-A in Computer Room 1
path = /tmp
printable = Yes
printer driver = HP LaserJet 4
[Printer2]
comment = Apple LaserWriter Pro 630-B in Computer Room 1
path = /tmp
printable = Yes
printer driver = Apple LaserWriter Pro 630
[C2Printer1]
comment = Apple LaserWriter Pro 630-A in Computer Room 2
path = /tmp
printable = Yes
printer driver = Apple LaserWriter Pro 630
[C2Printer2]
comment = Apple LaserWriter Pro 630-B in Computer Room 2
path = /tmp
printable = Yes
printer driver = Apple LaserWriter Pro 630
# Student stuffs
[alcomp]
comment = A-Level Computing Student Share
path = /home2/_share/alcomp
valid users = @alcomp
write list = @alcomp
create mask = 0660
directory mask = 2770
force create mode = 0660
force directory mode = 2770