NT Domain DoS and Security Exploit with SAMBA Server

Luke Kenneth Casson Leighton lkcl at switchboard.net
Wed Mar 3 19:30:40 GMT 1999

> If you set the workgroup to be the same as the domain of 
> the NT PDC you are referring to, Samba will attempt to 
> register the workgroup<1b> record (due to domain logons being 
> enabled).

are you sure?  it should only register workgroup<1c>.  if workgroup<1b> is
also being registered when "security != user" then this is a mistake.

this is why i changed "domain controller" parameter to a boolean.

> Windows clients use this to locate the DC for their  workgroup
> > database, but it *does* appear in Server Manager, and 
> > reports itself as a Windows NT 4.2 Server.  After some period 
> > of time (which appears to be random, but less than 24 hours) 
> > it begins to report itself as a BDC (Windows NT 4.2 Backup.)
> The annouce as in Samba 2.0.3 allows you to advertise as a 
> workstation although the default is still to advertise as a 
> Server.  

this is different from announcing as a PDC or BDC.  1.9.18 has no rpc code
so it is actually up to Server Manager to botch something together.


More information about the samba-technical mailing list