A Redhat 6.0 linux server with Samba 2.0.6, Windows 95/98 clients.

By accident I just discovered a surprising and quite disappointing password problem on our Samba network.

If a user on our network has a non-empty Windows password, he is forced to supply his password to log in to the network and gain writing privileges -- as expected.

However, if the user has an empty Windows password, he is able to log in to the network and gain writing privileges to the shares at the linux-server without ever supplying any password. This is both on his own profile share and for the common shares on the server.

How can that be? In our "friendly" network it is not a major problem. It still is undesirable though. Is it a Samba bug?

Best regards,
- Carsten

On Wed, 29 Mar 2000 00:04:53 +1000, you wrote:

>However, if the user has an empty Windows password, he is
>able to log in to the network and gain writing privileges to the
>shares at the linux-server without ever supplying any password.
>This is both on his own profile share and for the common shares
>on the server.

Look for the permissions of all dirs in the path to the share.

Check with smbstatus if the user logs on with his uid or as guest.

Reproduce the login with smbclient:

    smbclient '\\server\share' -Uuser%pass
    smbclient '\\server\share' -Uuser%

and see samba messages.

--
giulioo@pobox.com

>>However, if the user has an empty Windows password, he is
>>able to log in to the network and gain writing privileges to the
>>shares at the linux-server without ever supplying any password.
>>This is both on his own profile share and for the common
>>shares on the server.

>Look for the permissions of all dirs in the path to the share.
>Check with smbstatus if the user logs on with his uid or as
>guest.

Even though no password is supplied, the user logs in with his uid:

    [cn@esc /home/cn] $smbstatus
    Samba version 2.0.6
    Service      uid      gid      pid     machine
    ----------------------------------------------
    data         common   common   2375    cnj (192.168.0.2) Wed Mar 29 10:23:31 2000
    cnj          cn       cn       2375    cnj (192.168.0.2) Wed Mar 29 10:23:32 2000
    .......

"data" is a common share, where everybody logged in is forced to be the user "common" with the parameter setting in smb.conf:

    force user = common

Only user and group member have writing privileges (-- even without supplying passwords :-o )

"cnj" is a share belonging to user cn. Nobody else has writing privileges.

I cannot reproduce the no-password login with smbclient:

    [cn@esc /home/cn] $smbclient '\\esc\cnj' -Ucn%tmppass
    smb: \>
    [cn@esc /home/cn] $smbclient '\\esc\cnj' -Ucn%
    session setup failed: ERRSRV - ERRbadpw

Other ideas to diagnose this problem?

- Carsten

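The smbstatus check suggested in the thread (own uid or guest?) can be scripted. The following is an added example, not part of the original messages: it parses a service listing in the layout quoted above and labels each connection. The guest account name `nobody`, the `public` share row, and the function name `classify_sessions` are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the smbstatus 2.0.6 listing quoted in the thread.
# The third row (a guest connection to a "public" share) is invented for illustration.
SAMPLE = """\
Samba version 2.0.6
Service      uid      gid      pid     machine
----------------------------------------------
data         common   common   2375    cnj (192.168.0.2) Wed Mar 29 10:23:31 2000
cnj          cn       cn       2375    cnj (192.168.0.2) Wed Mar 29 10:23:32 2000
public       nobody   nobody   2401    pc7 (192.168.0.7) Wed Mar 29 10:25:02 2000
"""

# One connection row: service, uid, gid, numeric pid, machine, (ip), timestamp.
ROW = re.compile(
    r"^(?P<service>\S+)\s+(?P<uid>\S+)\s+(?P<gid>\S+)\s+(?P<pid>\d+)\s+"
    r"(?P<machine>\S+)\s+\((?P<ip>[\d.]+)\)\s+(?P<when>.+)$"
)


def classify_sessions(text, guest_account="nobody", forced_users=None):
    """Label each connection as 'guest', 'forced' or 'user'.

    guest_account -- assumed value of smb.conf's "guest account"
    forced_users  -- {share: account} for shares that set "force user";
                     on those shares the uid column cannot show who logged in
    """
    forced_users = forced_users or {}
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # banner, column header, separator or blank line
        row = m.groupdict()
        if forced_users.get(row["service"]) == row["uid"]:
            row["identity"] = "forced"
        elif row["uid"] == guest_account:
            row["identity"] = "guest"
        else:
            row["identity"] = "user"
        sessions.append(row)
    return sessions


if __name__ == "__main__":
    for s in classify_sessions(SAMPLE, forced_users={"data": "common"}):
        print(f'{s["service"]:8} {s["uid"]:8} {s["ip"]:12} {s["identity"]}')
```

A row labelled `user` only shows which account the session runs under; whether the password was typed or supplied from a client-side cache is not visible in this listing.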
>>I cannot reproduce the no-password login with smbclient:
>>[cn@esc /home/cn] $smbclient '\\esc\cnj' -Ucn%tmppass
>>smb: \>
>>[cn@esc /home/cn] $smbclient '\\esc\cnj' -Ucn%
>>session setup failed: ERRSRV - ERRbadpw

>Have you tried deleting all *.pwl files on the win9x machine?

You have got something there. I just deleted the *.pwl files on my win95 machine. After that I could not successfully log in without supplying the password.

However, when prompted for a password there is an option to save the password in some sort of password list -- and the default is that the password is saved. Thus, the problem will appear again unless all users are instructed NOT to allow the password to be saved in that list on their machines......

Can't Samba be instructed not to accept passwords just from the list?

>How is the [homes] section set up in smb.conf, and which is
>the guestuser?

    [homes]
        comment = Home Directories
        browseable = no
        writable = yes
        available = no
        public = no
        only user = no

The machines are configured so that the users see a share like:

    [cnj]
        path = /home/cn/filearea
        writable = yes
        browseable = no

-Carsten