[Samba] Security Issue??

Jim O'Neill joneill at metz.une.edu.au
Wed Jan 7 05:49:12 GMT 2004

I have noticed the following behavior when testing out Samba 3.0.1 on RH9
with LDAP authentication.

Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two NT4 
domains DOM2 and DOM3 also have a user called test1 with the same password 
as the user in DOM1 (all three users have the same username and password). 
All servers are on the same local subnet.

When user1 does a logon to the Samba DOM1 (from an XP machine with a 
machine account in DOM1) he does not have access to DOM2 or DOM3 resources.

However, a user, test1, on an XP machine belonging to DOM2 can log on to DOM2
and then browse directly to the test1 home share on DOM1; however, as
expected, this user is not recognised by the DOM3 domain.

Have I missed something here or could this possibly be a security issue?


Jim O'Neill
Computer Systems Administrator
Division of Ecosystem Management
School of Environmental Sciences and Natural Resources Management
University of New England
Armidale NSW 2351 Australia
Email:joneill at metz.une.edu.au
Phone: 02 6773 2667
Fax: 02 6773 2769
