David Collier-Brown davecb at
Mon Oct 4 12:27:49 GMT 1999

Jeremy Allison <jallison at> wrote:
> 1). Evil Hacker (tm) crashes the real NT PDC (quite easy I'm
> afraid if it has a TCP port 139 open).
> 2). Evil Hacker (tm) sets their own laptop up as a logon
> server and registers the 1C name for the domain (which they
> can now do as the PDC is down).
> 3). Evil Hacker (tm) uses smbclient to connect as user "root"
> to a Samba server, and sets his own laptop to allow any password
> authentication for the user "root"......

	This is exactly what a hacker in Kansas did with
	a Yellow Pages server he subverted in Canada, in
	an attack on a client in Japan, circa 1990.
	The international phone call, in the middle of
	the night, was something of a "security wake-up call"
	for my organization (;-))

	I recommend the Samba team be a bit cautious about 
	reproducing the problem.

	However, you might instead wish to consider this 
	as a different problem:
Time Towers wrote:
> If there was a %D substitution for workgroup/domain
> then "password server = $d.ntpdc.whatever" could be
> used to automatically configure it using DNS,

	This sounds more like as an opportunity
	to consider parameterization of smb.conf files.
	What, if anything, do you plan to do in the
	foreseeable future towards such site-local changes?

	If you don't want to add more complexity to the
	file and SWAT, it could be treated as a Unix
	problem instead of a Samba problem: the sites 
	desiring centrally maintained .conf files might 
	use m4 macros to  edit the scripts, possibly under	
	the control of track or rdist.

David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   |
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at

More information about the samba-technical mailing list