Security question

Jan-Pieter van den Heuvel jan-pieter at piozum.com
Mon Oct 1 10:53:02 GMT 2001


Hi,

I was thinking about the security of PDC's and came up with the following
scenario:

There is a Windows NT server running as PDC for Domain1. Next a Samba server
is installed on the same domain and also as PDC (with a higher OS level than
WinNT). All users would login to the Samba server, right? But, if this is
possible, it would be discovered immediately because no user can login with
their original password.
Is it possible to configure Samba to be a PDC (for executing logon scripts)
and 'relay' the authentication to the original WinNT PDC (with
security=server or domain). If that is possible a domain can be 'taken over'
without the users noticing it!

I don't know if what I described above is possible but if it is, it would be
a security hazard when the administrator can not check all the pcs connected
to a network!

Regards,

Jan-Pieter van den Heuvel
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba-ntdom mailing list