[Samba] Removing ALL security from samba. :)
Joel Hammer
Joel at HammersHome.com
Mon Jul 15 17:05:02 GMT 2002
Here is what I just captured on my samba server. At a windows98 box I logged
on with a brand new name, bogus, which has no account on the samba server.
These are my security settings:
[global]
encrypt passwords = yes
null passwords = true
netbios name = JHAMMER6
security = share
guest account = ftp
read only = No
guest ok = Yes
[public]
comment = Root directory
path = /
read only = yes
create mask = 0777
exec = rm /tmp/Hello;echo \"m %m \" \"G %G \" \"I %I \" \"L %L \" \"M %M \" \"N %N \" \"R %R \" \"T %T \" \"U %U \" \"a %a \" \"d %d \" \"h %h \" \"p %p \" \"v %v \" \"H %H \" \"P %P \" \"S %S \" \"g %g \" \"u %u \" | xargs -n1 /usr/local/samba/bin/Hello;\
echo This is my home %$(HOME) >> /tmp/Hello
preexec close = Yes
Here is what I captured in the /tmp/Hello file:
client machine NetBios name = hammer8 (%m)
Primary goup name of U = ftp (%G)
IP address of client = 192.168.0.8 (%I)
Netbios name of server = jhammer6 (%L)
Internet DNS of client= hammer8.jhammer.org (%M)
NIS home directory= jhammer6 (%N)
Protocal level = NT1 (%R)
Current time and date= 2002/07/15 19:43:38 (%T)
SESSION USER NAME (ONE THE CLIENT WANTED)= bogus (%U) <---BINGO
Architecture of remote machine= Win95 (%a)
Process ID of current server= 6668 (%d)
Internet DNS hostname of server= jhammer6 (%h)
Path of services home directory from NIS= (%p)
Samba version= 2.2.1a (%v)
Home directory of user in u= /home/ftp (%H)
Root directory of current service = / (%P)
Name of current service = public (%S)
Primary group name of u in share = ftp (%g)
User name of current service = ftp (%u)
I guess the point of all this is:
With:
security = share
guest ok = yes
guest account = ftp
you can capture anybody who logs on with %U and their Netbios name as %m and
their DNS name in %M
If you want the Hello program which sets up the pretty text file:
#!/bin/bash
i=`echo "$1" | tr -s " "`
index=`echo "$i" | cut -d" " -f1`
value=`echo "$i" | sed 's/^. //'`
case $index in
m ) message="client machine NetBios name = $value";;
M ) message="Internet DNS of client= $value";;
I ) message="IP address of client = $value";;
a ) message="Architecture of remote machine= $value";;
U ) message="Session user name (one the client wanted)= $value";;
L ) message="Netbios name of server = $value";;
h ) message="Internet DNS hostname of server= $value";;
R ) message="Protocal level = $value";;
v ) message="Samba version= $value";;
T ) message="Current time and date= $value";;
G ) message="Primary goup name of U = $value";;
N ) message="NIS home directory= $value";;
d ) message="Process ID of current server= $value";;
p ) message="Path of services home directory from NIS= $value";;
H ) message="Home directory of user in u= $value";;
P ) message="Root directory of current service = $value";;
S ) message="Name of current service = $value";;
g ) message="Primary group name of u in share = $value";;
u ) message="User name of current service = $value";;
esac
echo $message \(\%$index\) >> /tmp/Hello
If this works, let me know.
Joel
On Mon, Jul 15, 2002 at 04:29:42PM -0600, Geoff Dyment wrote:
> Hi,
>
> I've got samba running on multiple machines, blah blah works great...
>
> On my new fax server (RH7.2) I want any windows user to be able to connect
> using any username/password. I got it to work with the nobody/pc guest
> accounts, but that defeats the purpose (I need to see their windows/default
> username).
>
> Basically you connect to the fake samba shared printer, and the script mails
> a URL with info back to USER at domain. Adding and maintaining a NT->Unix
> account mapping would be a massive pain, as would creating an account for
> each user. Surely someone has done this before? :)
>
> Regards,
>
> Geoff
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
More information about the samba
mailing list