SYSKEY, TNG freeze, 2.0.x->TNG merge and other thoughts

Luke Kenneth Casson Leighton lkcl at samba.org
Thu Feb 10 07:53:07 GMT 2000


> You just stuck the data in a world-readable file. OK, you want to
> obfuscate it with some sort of encryption (bang go performance and/or
> scalability; security died a few minutes ago) - but you still want the

prove it.  if you have no proof, don't make comments like this, you'll
only irritate me )at 3:30am that's not a good idea).

> data publicly available.

yes.
 
> > [actually, if you add a BDC to a domain using NT4, you can use rpcclient's
> > samsync command to pretend to be that BDC because the trust account
> > password is BDCNAMEUNICODELOWERCASE, and grab the entire SAM database
> > anonymously.  the window of opportunity is between when the BDC is added
> > to the domain during the BDC-install stage and when the BDC installation
> > is compelted and yuou are presented , for the first time, with the
> > ctrl-alt-delete box on the BDC.
> > 
> > so yes, microsoft allows anonymous users to download the passwords, but
> > not in the way you perceive or describe.
> > 
> > the word from microsoft is that microsoft does not consider this to be a
> > serious security risk, by the way.  oh, and they've probably fixed it
> > for nt5.]
> 
> This is an accidental security hole which they have now fixed - and you
> want to copy and expand it!?

[too much detail to explain, i have better things to do].

examine rpcclient's createuser command, dammit.  see the -j option.  ntote
the "generate_random_buffer" bit.

then, examine smbpasswd's -j option, and not the _lack_ of
generate_random_buffer bit in the initial trust setup.

_then_ search the samba-ntdom archives for recommendations on whether i
recommend the use of rpcclient of smbpasswd to join workstations to
domains.

until you have done so, please shut up.

you have some useful comments to make, i notice and appreciate, but
please, stop the unproven statements or i'll be hitting "save" (i don't
delete) instead of reading.



More information about the samba-technical mailing list