[Samba] Proposal to change security=share in Samba 4.0

Andrew Bartlett abartlet at samba.org
Mon Feb 27 03:58:44 MST 2012


I recently proposed on samba-technical that for Samba 4.0 we change
security=share to have the following semantics:

 - All connections are made as the guest user
 - No passwords are required, and no other accounts are available.

Naturally, full user-name/password authentication remain available in
security=user and above.

The rationale is that we need a very simple way to run a 'trust the
network' Samba server, where users mark shares as guest ok.  I want to
keep these simple configurations working.

At the same time, I want to close the door on one of the most arcane
areas of Samba authentication.  The problem comes from the fact that
Samba never implemented security=share properly:  instead of having one
password per share, we tried to guess the username, and match that to a
username/password pair. 

Not only is this code complex, it begins to fail with modern clients and
modern security settings.  For example, NTLMv2 relies on the username
and workgroup, but clients which send NTLMv2 do not send these in the
'tree connect' request that contains the password.  Instead, we must
remember the previous unchecked 'session setup', and apply the password
from there.  If we instead guess the username, then NTLMv2 will not
work.

Finally, Samba clients only send LM passwords to security=share servers.
LM passwords are very insecure, and are now off by default.  As such,
Samba clients will not connect to any server running security=share by
default.

If you use security=share, and feel that your particular configuration
cannot be handled any other way, please let me know, so we can find the
best way to handle your particular requirements.

Thanks, 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
