[Samba] Samba4 Client Uses Impostor DC

Ben Cundiff bcundiff at xes-inc.com
Wed Jul 23 12:43:58 MDT 2014


Hi, 
We have two domain controllers running Ubuntu 12.04 and Samba 4.0.6-Debian. The other day, we had a user set up a Windows Server 2012 computer on our development network for testing. This user chose to set up his Windows server as DC, DHCP server, DNS server, and more, for a new domain that he gave the same name as our production domain (let's say both domains are named "domain.com"). Windows 7 clients on the development network correctly recognized that there was no trust relationship between the impostor DC and the workstations, and consequently fell back to using the appropriate/legitimate domain.com DCs. However, one Linux client running Ubuntu 10.04 and Samba 3.4.7 configured to use domain.com now attempted to use the fake domain.com DC to authenticate, despite not being able to join the fake domain.com domain. Once the Windows server was taken offline and clients' winbind service restarted, these Linux clients returned to successfully authenticating against the correct domain controllers.
Is this a known issue? Are there any preventative measures we could take with either the Ubuntu 10.04/Samba 3.4.7 client or with the DCs to prevent this issue from happening again if a counterfeit DC were ever to be placed on our network again? 

Thanks, 

Ben Cundiff 
Associate Sysadmin 
X-ES Inc. 
bcundiff at xes-inc.com 


