[Samba] Possible Security Hole (Bug?)
david_willis at comcast.net
Thu Apr 16 12:26:56 MDT 2015
Thank you for the reply.
Forgive me if I am not understanding correctly, but..
I have heard conflicting reports about whether or not to assign UID to DOM\administrator, even from threads read on these lists :)
However, are DOM\administrator and local "root" not two separate accounts...? One domain admin, one "local" root/admin. So why then would winbind/samba see them as the "same" account...
Especially because even if UID is not assigned to DOM\administrator, it will still be assigned an arbitrary UID from the 3000000-4000000 range via idmap.ldb, no? So either way it's going to have a UID assigned... But thru idmap.ldb this may not be consistent between samba DCs as per the Samba wiki... Which brings me back to why I assigned a UID via RFC2307 :)
But I digress... I still don't see
A. Why samba/winbind would see DOM\administrator and local "root" as the same account, and
B. How DOM\administrator having a UID assigned via RFC2307 makes any difference, as it will have SOME UID assigned anyway (by idmap.ldb if not by me), and in either case it will not be 0
Last note... This was with a CONSOLE login that I was able to gain root access... NOT via ssh... So I don't think sshd_config should play a role either here.
More information about the samba