[Samba] Security Issue??
joneill at metz.une.edu.au
Wed Jan 7 05:49:12 GMT 2004
I have noticed the following behavior when testing out Samba 3.0.1 on RH9
with ldap authentication.
Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two NT4
domains DOM2 and DOM3 also have a user called test1 with the same password
as the user in DOM1 (all three users have the same username and password).
All servers are on the same local subnet.
When user1 does a logon to the Samba DOM1 (from an XP machine with a
machine account in DOM1) he does not have access to DOM2 or DOM3 resources.
However a user, test1, on an XP machine belonging to DOM2 can logon to DOM2
and then browse directly to the test1 home share on DOM1, however as
expected this user is not recognised by the DOM3 domain.
Have I missed something here or could this possibly be a security issue?
Computer Systems Administrator
Division of Ecosystem Management
School of Environmental Sciences and Natural Resources Management
University of New England
Armidale NSW 2351 Australia
Email:joneill at metz.une.edu.au
Phone: 02 6773 2667
Fax: 02 6773 2769
More information about the samba