Security question

NITIN PANDE npande at bajajauto.co.in
Mon Oct 1 21:09:02 GMT 2001


If both are PDC, then NT would make a hue and cry about Samba.  Samba
should continue its work, but may have probs in authentication from
NT.  It also depends on what type of services are being offered by DC.
Simple file sharing may not cause much prob in net.
It could be messy if NT had WINS or Proxy thingy on it (the word that comes
to my mind is WAR!).  hehehehe.. I'm only guessing this situation.
Maybe, I can do some experimentation.
Ciao,
Nitin Pande

Conlan Adams wrote:

>  I was thinking about this, I don't think it would make too large of a
> difference in authentication.  True it would "take over" the domain,
> but since the authentication tokens are still being built off of the
> NT server's data, I doubt you could hijack the domain for any access
> changes....  Please correct me if I'm wrong, I have not tried
> it.
> -Conlan
>
>      -----Original Message-----
>      From: samba-admin at lists.samba.org
>      [mailto:samba-admin at lists.samba.org]On Behalf Of Jan-Pieter
>      van den Heuvel
>      Sent: Monday, October 01, 2001 1:52 PM
>      To: NT-DOM Samba; Samba - General
>      Subject: Security question
>
>      Hi,
>
>      I was thinking about the security of PDCs and came up
>      with the following scenario:
>
>      There is a Windows NT server
>      running as PDC for Domain1. Next a Samba server is installed
>      on the same domain and also as PDC (with a higher OS level
>      than WinNT). All users would login to the Samba server,
>      right? But, if this is possible, it would be discovered
>      immediately because no user can login with their original
>      password.
>
>      Is it possible to configure Samba to be a PDC (for
>      executing logon scripts) and 'relay' the authentication to
>      the original WinNT PDC (with security=server or domain)? If
>      that is possible a domain can be 'taken over' without the
>      users noticing it!
>
>      I don't know if what I described above is
>      possible but if it is, it would be a security hazard when
>      the administrator can not check all the PCs connected to a
>      network!
>
>      Regards,
>      Jan-Pieter van den Heuvel
>




More information about the samba-ntdom mailing list