The Hermit Hacker
1999-Jun-03 14:12 UTC
Security related bug/issue ... or mis-configuration? (fwd)
As a followup to my own email...

We did some testing here today with connecting to the share from an NT box, where we connect to \\relay\marc as marc when log'd in as a separate user...NT refuses to allow it.

Is there a bug with the server that, using smbclient from Linux, allows you to connect to any share without a password?

Can someone test this and see if it's a local problem or not?

Thanks...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

---------- Forwarded message ----------
Date: Tue, 11 May 1999 23:53:06 +1000
From: The Hermit Hacker <scrappy@hub.org>
To: Multiple recipients of list <samba@samba.org>
Subject: Security related bug/issue ... or mis-configuration?

Morning...

Attached are two files. The first (smb.session) shows one user connecting to two different shares on a remote server using *no* password...

The second is the smb.conf file found on that remote server, running Solaris 2.6, and Samba 2.0.3 ...

I'm *really* hoping that it's something that we're overlooking as far as configuration is concerned...or else there is one helluva large hole in Samba :(

Authentication, as shown, is to thor.acadiau.ca, which is an NT server...

Any help *much* appreciated...

Thanks...

Marc G. Fournier                   ICQ#7615664               IRC Nick: Scrappy
Systems Administrator @ hub.org
primary: scrappy@hub.org           secondary: scrappy@{freebsd|postgresql}.org

-------------- next part --------------
sandman:~$ smbclient \\\\relay\\dcurrie -U dcurrie
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
Added interface ip=131.162.129.111 bcast=131.162.135.255 nmask=255.255.248.0
Server time is Tue May 11 10:17:53 1999
Timezone is UTC-3.0
Password:
Domain=[ACADIA] OS=[Unix] Server=[Samba 2.0.3]
smb: \> ls
  local.login                 575  Fri Jul 10 10:48:44 1998
  local.profile               560  Fri Jul 10 10:48:44 1998
  .profile            H       144  Fri Jul 10 10:48:44 1998
  local.cshrc                 124  Fri Jul 10 10:48:44 1998
  .forward            H        28  Wed Jul 15 11:29:07 1998
  public_html         D         0  Thu Oct  8 13:26:27 1998
  www                 D         0  Mon Oct 26 11:14:51 1998
  test.cgi            A       738  Sun Oct 25 15:20:02 1998
  test.txt                   1530  Mon Feb  8 09:51:27 1999

        57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$ smbclient \\\\relay\\chtaylor -U chtaylor
Unable to open configuration file "/opt/samba/lib/smb.conf"!
pm_process retuned false
Can't load /opt/samba/lib/smb.conf - run testparm to debug it
  .history            H       477  Mon May 10 15:11:52 1999
  xrelay              A        99  Fri Jul 25 14:47:58 1997
  .local              DH        0  Fri Sep 12 13:44:54 1997
  .vacation.dir       H         0  Mon Jul 28 10:01:09 1997
  .vacation.pag       H         0  Mon Jul 28 10:01:09 1997
  Mail                D         0  Fri Sep 12 13:44:54 1997
  www                 D         0  Mon May 10 15:09:44 1999
  .Xauthority         H       101  Mon May 10 15:10:36 1999

        57112 blocks of size 131072. 20832 blocks available
smb: \> exit
sandman:~$
-------------- next part --------------
[global]
   deadtime = 5
   workgroup = ACADIA
   server string = Samba Server on Relay
   hosts allow = 131.162.
   load printers = yes
   printcap name = lpstat
   log level = 1
   log file = /usr/local/var/samba/log.%m
   max log size = 50
   security = server
   password server = thor.acadiau.ca
   encrypt passwords = yes
   socket options = TCP_NODELAY
   dns proxy = no

[homes]
   comment = Home Directories
   map archive = yes
   map system = yes
   map hidden = yes
   path = %H
   browseable = no
   writable = yes

[www]
   comment = Personal WWW Directories
   browseable = no
   writable = yes
   path = %H/www

[aics]
   comment = Acadia Institute of Case Studies
   path = /usr/local/lib/www/fps/business/aics
   public = no
   writable = yes
   valid users = marc, follows, 028219c

[businessgrads]
   comment = School of Business Graduates Web Site
   path = /usr/local/lib/www/businessgrads
   public = no
   writable = yes
   valid users = marc, hare, 018916f, 019066b
   force user = hare

[csclub]
   comment = Computer Science Club
   path = /usr/local/lib/www/clubs/csclub
   public = no
   writable = yes
   valid users = 020332d
   force user = 020332d

[printers]
   comment = All Printers
   path = /tmp
   browseable = no
   guest ok = no
   writable = no
   printable = yes
   create mode = 0700
   print command = /usr/ucb/lpr -h -P%p /tmp/%s ; rm /tmp/%s &
   lpq command = /bin/lpstat -o %p &
   lprm command = /usr/bin/cancel %p-%j &