NT Domain DoS and Security Exploit with SAMBA Server
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Wed Mar 3 19:30:40 GMT 1999
> If you set the workgroup to be the same as the domain of
> the NT PDC you are referring to, Samba will attempt to
> register the workgroup<1b> record (due to domain logons being
are you sure? it should only register workgroup<1c>. if workgroup<1b> is
also being registered when "security != user" then this is a mistake.
this is why i changed "domain controller" parameter to a boolean.
> Windows clients use this to locate the DC for their workgroup
> > database, but it *does* appear in Server Manager, and
> > reports itself as a Windows NT 4.2 Server. After some period
> > of time (which appears to be random, but less than 24 hours)
> > it begins to report itself as a BDC (Windows NT 4.2 Backup.)
> The annouce as in Samba 2.0.3 allows you to advertise as a
> workstation although the default is still to advertise as a
this is different from announcing as a PDC or BDC. 1.9.18 has no rpc code
so it is actually up to Server Manager to botch something together.
More information about the samba-technical