[SAMBA_TNG] netlogond implementation flaw

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Jan 20 21:27:27 GMT 2000


i created a credential-store database for internal use in samba to fix the
case where an SMB connection is dropped and reestablished in between
NetrReqChal / NetrAuth2 and NetrSamLogons.

the database key is "workstation name\0domain name".

this is insufficient.

consider the case where two users of rpcclient log in from the same
workstation, or two smbd processes wish to verify users' passwords.  both
will use the same database key, and one will overwrite the other's
credentials, including the session key.

i have a solution: use the pid of the smbd process or rpcclient process in
the database key.

symptoms: erratic access to SAMBA_TNG files and erratic login access.

give me a few hours to fix this.

thx,

luke



More information about the samba-ntdom mailing list