Security issue with Scheduled (AT) jobs on NT workstation and SAMBA

kevin.k.sochacki at exxonmobil.com
Mon Apr 1 14:34:03 GMT 2002


I use the Scheduler to run a process on an NT workstation that attaches to a
SAMBA (SAMBA 2.0.6 on RH 6.2) share as a specific user (USER1). If another
user (USER2) logs onto the system and the link is still established, the
other user (USER2) can access the first user's (USER1) data. The logged-on
user (USER2) does not have an account on the SAMBA server and shouldn't be
able to access anything, and this is true as long as the first user's
(USER1) link is not established. If I do the same thing to an NT Server, the
logged-in user (USER2) is denied access to the data even though the link is
established. This is a pretty serious security issue. Can anyone answer
the following questions or have any idea how to close this rather large
security hole?

Is there a SAMBA configuration parameter that I'm not aware of that
addresses this issue?
or
Is this an NT workstation issue?
If it is an NT issue, why so, if the problem does not occur with an NT Server?

Attached is a simple example of a batch file which, if run from the scheduler,
will duplicate the problem.

(See attached file: link.bat)

Currently the only workaround I have is to use the '/persistent=no' and
'/d' flags with 'net use' so the link is disconnected after the process is
done. The intention is to update a database with data being collected from
research instruments, which could run for hours, making it a huge security
risk.

TIA,

Kevin K. Sochacki
ExxonMobil Research & Engineering
1545 Route 22 East
Annandale, NJ 08801

Room: CB042B
Phone: 908-730-2911
Fax: 908-730-3823
Cell: 908-482-0840
mailto:kevin.k.sochacki at exxonmobil.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: link.bat
Type: application/octet-stream
Size: 198 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba-technical/attachments/20020401/817f2d99/link.obj

