[Samba] [Fwd: samba 30alpha21 + NT4/2K WS-s]

john at ylenurme.ee john at ylenurme.ee
Fri Feb 28 23:37:55 GMT 2003


>> 4)
>> How could i set up client name resolution so that X client canot
>> announce itself as DC/browse master etc?
>> I every client resolves names via boadcast then when my DC goes down
>> and someone brings up his nt/samba server he could do lotof damaga -
>> collect people passwords etc...
> just use wins - it reduces broadcasting significantly.
> it would not be entirely trivial to just bring up a fake pdc
> you'd need to know the domain SID
> fake authentication of clients
> and fake up some profiles to be downloaded to the user.
>
> I don't think the client authenticates the server with samba.
> someone with more knowledge of the internals might be able to comment
> more usefully on this front...

OK, when PDC is also wins server, then when PDC goes down, wins server
goes down and clients that use only wins server can't find PDC and also
noone cant play fake DC? Am I right?
And also , as I read about p-nodes b-nodes , etc, how can configure
nt4/w2k/xp  to act as for example p-node? Is that so that I specify wins
server and boom it works as P-node?

Acctually another stupid question I'd like to ask now (well I just havent
searchd this out with google yet) is that what is Master Browser ?

I mean samba docs somewhere said that samba wins master browser election
exepct against NT4 server... Which brings question about following
scenario:

I have samba  PDC which also acts as wins server. Now if some damn cracker
sets up win NT 4.0 server and announces itself to wins  master browser
election, then what harm could he do? I mean again, could he stole
passwords, etc... ?






More information about the samba-technical mailing list