[Samba] null session and winbindd questions
Benjamin Herbert
herbert at isis.visi.com
Fri Nov 15 16:12:01 GMT 2002
Hello,
I am running Samba 2.2.5 (built from source) on a Linux 7.3 machine. I
have Samba set up to use domain authentication and everything is working
fine. The security administrator did a scan on the Windows 2000 server
being used for authentication. He found a vulnerability attributed to
the fact that winbindd needs null sessions on the W2k machine to be
enabled (since winbindd sends a null username and null password).
Obviously we want to correct this situation. I thought I could correct
it when I created the account for the samba server on the W2k box by
selecting the account group to be "Pre-Windows 2000 Compatible Access".
For some reason this did not work. Does anyone know why this didn't
work?
Another way around this is to have winbindd send a legitimate username
and password by running 'wbinfo -Ausername%password'. This method
raises some questions. First, does winbindd send the username and
password encrypted? Second, do you have to run 'wbinfo -A..' every time
you restart winbindd, or is it sufficient to run it only once?
Thanks for the information.
-Ben