[Samba] Security Issue??

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 7 18:54:35 GMT 2004


On Wed, 7 Jan 2004, Jim O'Neill wrote:

> I have noticed the following behavior when testing out Samba 3.0.1 on
> RH9 with ldap authentication.
> 
> Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two
> NT4 domains DOM2 and DOM3 also have a user called test1 with the same
> password as the user in DOM1 (all three users have the same username and
> password).  All servers are on the same local subnet.
> 
> When user1 does a logon to the Samba DOM1 (from an XP machine with a
> machine account in DOM1) he does not have access to DOM2 or DOM3
> resources.
> 
> However a user, test1, on an XP machine belonging to DOM2 can logon to
> DOM2 and then browse directly to the test1 home share on DOM1, however
> as expected this user is not recognised by the DOM3 domain.
> 
> Have I missed something here or could this possibly be a security issue?

I think you are seeing some transparent authentication because
the usernames and passwords between domains are synchronized.
I do not believe there is any security issue here.  I would change
the passwords of the user in the 3 domains and retest.





ciao, jerry
 ----------------------------------------------------------------------
 Hewlett-Packard            ------------------------- http://www.hp.com
 SAMBA Team                 ---------------------- http://www.samba.org
 GnuPG Key                  ---- http://www.plainjoe.org/gpg_public.asc
 "If we're adding to the noise, turn off this song" --Switchfoot (2003)