password server (PR#1028)
m.forster at ic.ac.uk
Thu Oct 23 17:42:44 GMT 1997
> Date: Wed, 22 Oct 1997 10:24:40 +1000
> From: Andrew Tridgell <samba-bugs at samba.anu.edu.au>
> Subject: Re: password server (PR#1028)
>
> You would be much better off upgrading to 1.9.17p4. I rewrote the password
> server code for p4 and one of the things I changed was to check for a .
> in the name and take the part before the first . as the netbios name. This
> is consistent with what smbclient does.
>
> The new code is also a lot cleaner and also fixes a potential security hole
> if your NT server is misconfigured (some NT servers were accepting
> session setup connections with any password on unknown usernames and not
> setting the guest bit in the reply). The new code does a full
> NetWkstaUserLogon to verify that the password server really meant yes
> when it said yes.
>
> Andrew
>
Is it possible to give details of exactly what misconfiguration on the
NT password server creates this problem (so it can be remedied if it
exists)? Also, if Samba has root in its invalid users list, does this
guarantee that root access cannot be obtained on a pre-p4 Samba server?
Thanks,
Mark Forster.
( m.forster at ic.ac.uk )
Centre for Computing Services, Mech. Eng. Building, Imperial College,
Exhibition Road, London SW7 2BX, United Kingdom. Phone (+44) 0171-594 6918
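
The check described in the quoted reply, as an added example that is not part of the original thread and is not Samba's code: a constructed C model of a password server that accepts any password for unknown usernames without setting the guest bit, comparing a client that trusts the session setup reply with one that also requires a second logon check. All names are hypothetical, and `user_logon` stands in for NetWkstaUserLogon under the assumption that it succeeds only for a real account with its correct password.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a pass-through password server; not Samba source. */
struct pwserver {
    const char *user, *pass;   /* the single real account it holds */
    bool any_pw_for_unknown;   /* the misconfiguration from the quoted reply */
};
struct reply { bool ok, guest; };

/* Session setup: a misconfigured server answers yes for an unknown user
 * with any password and leaves the guest bit clear. */
struct reply session_setup(const struct pwserver *s, const char *u, const char *p)
{
    struct reply r = { false, false };
    if (strcmp(u, s->user) == 0)
        r.ok = strcmp(p, s->pass) == 0;
    else
        r.ok = s->any_pw_for_unknown;
    return r;
}

/* Stand-in for the NetWkstaUserLogon step. Assumption: it succeeds only
 * for a real account presented with its correct password. */
bool user_logon(const struct pwserver *s, const char *u, const char *p)
{
    return strcmp(u, s->user) == 0 && strcmp(p, s->pass) == 0;
}

/* Trusts the session setup reply alone. */
bool trust_reply_only(const struct pwserver *s, const char *u, const char *p)
{
    struct reply r = session_setup(s, u, p);
    return r.ok && !r.guest;
}

/* Also requires the second logon check before granting access. */
bool verify_logon(const struct pwserver *s, const char *u, const char *p)
{
    return trust_reply_only(s, u, p) && user_logon(s, u, p);
}

int main(void)
{
    struct pwserver bad = { "alice", "s3cret", true };  /* constructed */
    printf("reply only:  %d\n", trust_reply_only(&bad, "nosuchuser", "x"));
    printf("with logon:  %d\n", verify_logon(&bad, "nosuchuser", "x"));
    return 0;
}
```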