Security related bug/issue ... or mis-configuration? (fwd)

The Hermit Hacker scrappy at hub.org
Thu Jun 3 14:12:13 GMT 1999 

As a followup to my own email...

We did some testing here today with connecting to the share from an NT
box, where we connect to \\relay\marc as marc when log'd in as a seperate
user...NT refuses to allow it.

Is there a bug with the server that, using smbclient from Linux, allows
you to connect to any share without a password?  Can someone test this and
see if its a local problem or not?

Thanks...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy at hub.org           secondary: scrappy@{freebsd|postgresql}.org 

---------- Forwarded message ----------
Date: Tue, 11 May 1999 23:53:06 +1000
From: The Hermit Hacker <scrappy at hub.org>
To: Multiple recipients of list <samba at samba.org>
Subject: Security related bug/issue ... or mis-configuration?


Morning...

	Attached are two files.  The first (smb.session) shows one user
connecting to two different shares on a remote server using *no*
password...

	The second is the smb.conf file found on that remote server,
running Solaris 2.6, and Samba 2.0.3 ...

	I'm *really* hoping that its something that we're overlooking as
far as configuration is concerned...or else there is one helluva large
hole in Samba :(

	Authentication, as shown, is to thor.acadiau.ca, which is an NT
server...

	Any help *much* appreciated...

Thanks...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org 
primary: scrappy at hub.org           secondary: scrappy@{freebsd|postgresql}.org 
-------------- next part --------------
sandman:~$ smbclient \\\\relay\\dcurrie -U dcurrie
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
Added interface ip=131.162.129.111 bcast=131.162.135.255 nmask=255.255.248.0
Server time is Tue May 11 10:17:53 1999
Timezone is UTC-3.0
Password: 
Domain=[ACADIA] OS=[Unix] Server=[Samba 2.0.3]
smb: \> ls
  local.login                                 575  Fri Jul 10 10:48:44 1998
  local.profile                               560  Fri Jul 10 10:48:44 1998
  .profile                            H       144  Fri Jul 10 10:48:44 1998
  local.cshrc                                 124  Fri Jul 10 10:48:44 1998
  .forward                            H        28  Wed Jul 15 11:29:07 1998
  public_html                         D         0  Thu Oct  8 13:26:27 1998
  www                                 D         0  Mon Oct 26 11:14:51 1998
  test.cgi                            A       738  Sun Oct 25 15:20:02 1998
  test.txt                                   1530  Mon Feb  8 09:51:27 1999

                57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$ smbclient \\\\relay\\chtaylor -U chtaylor
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
  .history                            H       477  Mon May 10 15:11:52 1999
  xrelay                              A        99  Fri Jul 25 14:47:58 1997
  .local                             DH         0  Fri Sep 12 13:44:54 1997
  .vacation.dir                       H         0  Mon Jul 28 10:01:09 1997
  .vacation.pag                       H         0  Mon Jul 28 10:01:09 1997
  Mail                                D         0  Fri Sep 12 13:44:54 1997
  www                                 D         0  Mon May 10 15:09:44 1999
  .Xauthority                         H       101  Mon May 10 15:10:36 1999

                57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$ 


-------------- next part --------------
[global]

   deadtime = 5
   workgroup = ACADIA
   server string = Samba Server on Relay
   hosts allow = 131.162.
   load printers = yes
   printcap name = lpstat
   log level = 1
   log file = /usr/local/var/samba/log.%m
   max log size = 50
   security = server
   password server = thor.acadiau.ca 
   encrypt passwords = yes
   socket options = TCP_NODELAY 
   dns proxy = no 

[homes]
   comment = Home Directories
   map archive = yes
   map system = yes
   map hidden = yes
   path = %H
   browseable = no
   writable = yes

[www]
   comment = Personal WWW Directories
   browseable = no
   writable = yes
   path = %H/www

[aics]
   comment = Acadia Institute of Case Studies
   path = /usr/local/lib/www/fps/business/aics
   public = no
   writable = yes
   valid users = marc, follows, 028219c

[businessgrads]
   comment = School of Business Graduates Web Site
   path = /usr/local/lib/www/businessgrads
   public = no
   writable = yes
   valid users = marc, hare, 018916f, 019066b
   force user = hare

[csclub]
   comment = Computer Science Club
   path = /usr/local/lib/www/clubs/csclub
   public = no
   writable = yes
   valid users = 020332d
   force user = 020332d

[printers]
   comment = All Printers
   path = /tmp
   browseable = no
   guest ok = no
   writable = no
   printable = yes
   create mode = 0700
   print command = /usr/ucb/lpr -h -P%p /tmp/%s ; rm /tmp/%s &
   lpq command = /bin/lpstat -o %p &
   lprm command = /usr/bin/cancel %p-%j &

More information about the samba mailing list