Security question

Jan-Pieter van den Heuvel jan-pieter at piozum.com
Mon Oct 1 14:54:01 GMT 2001


Well, when users log on 'through' the Samba server the person owning the
server can write the login script. Then a file, a virus for example, can be
copied to and executed on every workstation in the domain.
This is a rare situation, because almost every network administrator can
check every pc connected to the LAN. But there are some situations where the
administrator can't check every pc. For example a student who connects his
laptop to the local network at his school/university.

Regards,

Jan-Pieter van den Heuvel
  -----Oorspronkelijk bericht-----
  Van: samba-ntdom-admin at lists.samba.org
[mailto:samba-ntdom-admin at lists.samba.org]Namens Conlan Adams
  Verzonden: maandag 1 oktober 2001 21:13
  Aan: Jan-Pieter van den Heuvel; NT-DOM Samba; Samba - General
  Onderwerp: RE: Security question


  I was thinking about this, I dont think it would make to large of a
difference in authentication.  True it would "take over" the domain, but
since the authentication tokens are still being built off of the NT servers
data, I doubt you could hijack the domain for any access changes....  Please
correct me if I'm wrong, I have not tried it


  -Conlan
    -----Original Message-----
    From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
Behalf Of Jan-Pieter van den Heuvel
    Sent: Monday, October 01, 2001 1:52 PM
    To: NT-DOM Samba; Samba - General
    Subject: Security question


    Hi,

    I was thinking about the security of PDC's and came up with the
following scenario:

    There is a Windows NT server running as PDC for Domain1. Next a Samba
server is installed on the same domain and also as PDC (with a higher OS
level than WinNT). All users would login to the Samba server, right? But, if
this is possible, it would be discovered immediately because no user can
login with their original password.
    Is it possible to configure Samba to be a PDC (for executing logon
scripts) and 'relay' the authentication to the original WinNT PDC (with
security=server or domain). If that is possible a domain can be 'taken over'
without the users noticing it!

    I don't know if what I described above is possible but if it is, it
would be a security hazard when the administrator can not check all the pcs
connected to a network!

    Regards,

    Jan-Pieter van den Heuvel
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba-ntdom mailing list