Automatically locating domain controller

Jeremy Allison jallison at
Fri Oct 1 22:10:38 GMT 1999

Jeremy Allison wrote:
> 3). Evil Hacker (tm) uses smbclient to connect as user "root"
> to a Samba server, and sets his own laptop to allow any password
> authentication for the user "root"......
> 4). Trouble follows........
> This is why I haven't added this feature yet. The current
> password server code could be hacked this way if the name
> resolution is set to use a NetBIOS name resolution (wins,
> bcast) but cannot if it is set to use dns. This new feature
> would *always* be hackable in this way.
> Any comments, thoughts ?

To comment on my own comment :-), this is not a problem
with security=domain, only security=server.

The reason is that the user/password authentication is
protected by the machine shared secret in the domain so
Evil Hacker (tm) can't spoof the requesting client. 

So, how about allowing 

password server = <*>

to mean, look up the DOMAIN<1C> name for the current
domain and try authentication to each returned IP
address in turn, but only when "security=domain".

Should be reasonably simple to implement.


	Jeremy Allison,
	Samba Team.

Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-technical mailing list