Security related bug/issue ... or mis-configuration? (fwd)
The Hermit Hacker
scrappy at hub.org
Thu Jun 3 14:12:13 GMT 1999
As a followup to my own email...
We did some testing here today with connecting to the share from an NT
box, where we connect to \\relay\marc as marc when log'd in as a seperate
user...NT refuses to allow it.
Is there a bug with the server that, using smbclient from Linux, allows
you to connect to any share without a password? Can someone test this and
see if its a local problem or not?
Thanks...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy at hub.org secondary: scrappy@{freebsd|postgresql}.org
---------- Forwarded message ----------
Date: Tue, 11 May 1999 23:53:06 +1000
From: The Hermit Hacker <scrappy at hub.org>
To: Multiple recipients of list <samba at samba.org>
Subject: Security related bug/issue ... or mis-configuration?
Morning...
Attached are two files. The first (smb.session) shows one user
connecting to two different shares on a remote server using *no*
password...
The second is the smb.conf file found on that remote server,
running Solaris 2.6, and Samba 2.0.3 ...
I'm *really* hoping that its something that we're overlooking as
far as configuration is concerned...or else there is one helluva large
hole in Samba :(
Authentication, as shown, is to thor.acadiau.ca, which is an NT
server...
Any help *much* appreciated...
Thanks...
Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy at hub.org secondary: scrappy@{freebsd|postgresql}.org
-------------- next part --------------
sandman:~$ smbclient \\\\relay\\dcurrie -U dcurrie
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
Added interface ip=131.162.129.111 bcast=131.162.135.255 nmask=255.255.248.0
Server time is Tue May 11 10:17:53 1999
Timezone is UTC-3.0
Password:
Domain=[ACADIA] OS=[Unix] Server=[Samba 2.0.3]
smb: \> ls
local.login 575 Fri Jul 10 10:48:44 1998
local.profile 560 Fri Jul 10 10:48:44 1998
.profile H 144 Fri Jul 10 10:48:44 1998
local.cshrc 124 Fri Jul 10 10:48:44 1998
.forward H 28 Wed Jul 15 11:29:07 1998
public_html D 0 Thu Oct 8 13:26:27 1998
www D 0 Mon Oct 26 11:14:51 1998
test.cgi A 738 Sun Oct 25 15:20:02 1998
test.txt 1530 Mon Feb 8 09:51:27 1999
57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$ smbclient \\\\relay\\chtaylor -U chtaylor
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
.history H 477 Mon May 10 15:11:52 1999
xrelay A 99 Fri Jul 25 14:47:58 1997
.local DH 0 Fri Sep 12 13:44:54 1997
.vacation.dir H 0 Mon Jul 28 10:01:09 1997
.vacation.pag H 0 Mon Jul 28 10:01:09 1997
Mail D 0 Fri Sep 12 13:44:54 1997
www D 0 Mon May 10 15:09:44 1999
.Xauthority H 101 Mon May 10 15:10:36 1999
57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$
-------------- next part --------------
[global]
deadtime = 5
workgroup = ACADIA
server string = Samba Server on Relay
hosts allow = 131.162.
load printers = yes
printcap name = lpstat
log level = 1
log file = /usr/local/var/samba/log.%m
max log size = 50
security = server
password server = thor.acadiau.ca
encrypt passwords = yes
socket options = TCP_NODELAY
dns proxy = no
[homes]
comment = Home Directories
map archive = yes
map system = yes
map hidden = yes
path = %H
browseable = no
writable = yes
[www]
comment = Personal WWW Directories
browseable = no
writable = yes
path = %H/www
[aics]
comment = Acadia Institute of Case Studies
path = /usr/local/lib/www/fps/business/aics
public = no
writable = yes
valid users = marc, follows, 028219c
[businessgrads]
comment = School of Business Graduates Web Site
path = /usr/local/lib/www/businessgrads
public = no
writable = yes
valid users = marc, hare, 018916f, 019066b
force user = hare
[csclub]
comment = Computer Science Club
path = /usr/local/lib/www/clubs/csclub
public = no
writable = yes
valid users = 020332d
force user = 020332d
[printers]
comment = All Printers
path = /tmp
browseable = no
guest ok = no
writable = no
printable = yes
create mode = 0700
print command = /usr/ucb/lpr -h -P%p /tmp/%s ; rm /tmp/%s &
lpq command = /bin/lpstat -o %p &
lprm command = /usr/bin/cancel %p-%j &
More information about the samba
mailing list