Security question

Conlan Adams conlan.adams at countryfresh.com
Mon Oct 1 12:12:03 GMT 2001


I was thinking about this, I dont think it would make to large of a
difference in authentication.  True it would "take over" the domain, but
since the authentication tokens are still being built off of the NT servers
data, I doubt you could hijack the domain for any access changes....  Please
correct me if I'm wrong, I have not tried it


-Conlan
  -----Original Message-----
  From: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org]On
Behalf Of Jan-Pieter van den Heuvel
  Sent: Monday, October 01, 2001 1:52 PM
  To: NT-DOM Samba; Samba - General
  Subject: Security question


  Hi,

  I was thinking about the security of PDC's and came up with the following
scenario:

  There is a Windows NT server running as PDC for Domain1. Next a Samba
server is installed on the same domain and also as PDC (with a higher OS
level than WinNT). All users would login to the Samba server, right? But, if
this is possible, it would be discovered immediately because no user can
login with their original password.
  Is it possible to configure Samba to be a PDC (for executing logon
scripts) and 'relay' the authentication to the original WinNT PDC (with
security=server or domain). If that is possible a domain can be 'taken over'
without the users noticing it!

  I don't know if what I described above is possible but if it is, it would
be a security hazard when the administrator can not check all the pcs
connected to a network!

  Regards,

  Jan-Pieter van den Heuvel
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the samba mailing list