I have a question about Samba's interaction with the PDC and SAM database on the windows domain. There are some in my company who say that Samba must read and write to the SAM databse in order to authenticate a user. This, according to them, poses a security risk in that a UNIX user could obtain tools to gain access to the SAM, retrieve all passwords and potentially corrupt the database. My question is simple, is this true and is there a way to ease their concerns? Thanks, Please respond to: Douglas.Shaw@pb.com
On Tue, Apr 02, 2002 at 03:42:16PM -0500, Douglas.Shaw@pb.com wrote:> I have a question about Samba's interaction with the PDC and SAM database > on the windows domain. There are some in my company who say that Samba must > read and write to the SAM databse in order to authenticate a user.No, this is not true.> This, > according to them, poses a security risk in that a UNIX user could obtain > tools to gain access to the SAM, retrieve all passwords and potentially > corrupt the database. My question is simple, is this true and is there a > way to ease their concerns?Yes, get them to add a Samba server to their domain and *NOT TELL YOU THE ADMINISTRATOR PASSWORD* :-). That way you can prove to them that you don't need write access :-). Regards, Jeremy Allison, Samba Team.
If I remember correctly, it reads from the database for authentication, the same way that a Windows client does. It sends an authentication request with an encrypted password. It doesn't write to the database at all. This is no more insecure than using a Windows client to connect. Samba is a reverse engineering of the SMB protocol that Windows uses. I would suggest reading the SMB protocol documentation on the Samba site and searching for SMB on Microsoft's knowledgebase and Google. No network connection is completely secure. It depends on encryption methods and ultimately on the administrator. -- Brian ----- Original Message ----- From: <Douglas.Shaw@pb.com> To: <samba@lists.samba.org> Sent: Tuesday, April 02, 2002 2:42 PM Subject: [Samba] Domain question> I have a question about Samba's interaction with the PDC and SAM database > on the windows domain. There are some in my company who say that Sambamust> read and write to the SAM databse in order to authenticate a user. This, > according to them, poses a security risk in that a UNIX user could obtain > tools to gain access to the SAM, retrieve all passwords and potentially > corrupt the database. My question is simple, is this true and is there a > way to ease their concerns? > > Thanks, > > Please respond to: > Douglas.Shaw@pb.com > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba >
On Tue, 2 Apr 2002 Douglas.Shaw@pb.com wrote:> I have a question about Samba's interaction with the PDC and SAM > database on the windows domain. There are some in my company who say > that Samba must read and write to the SAM databse in order to > authenticate a user. This, according to them, poses a security risk in > that a UNIX user could obtain tools to gain access to the SAM, retrieve > all passwords and potentially corrupt the database. My question is > simple, is this true and is there a way to ease their concerns?Samba requires the same level of privildge provided to any other member of the Windows domain. In other words, for "security = domain", smbd needs a machine trust account in the domain (just like NT) so that it can communicate with the PDC. The level of risk Samba poses in this situation can be compared to the same level of risk if someone where to gain local administrative access to a NT box that was a member of the same domain. Either way you could gain the password hash of the machine trust account and impersonate the domain member. cheers, jerry --------------------------------------------------------------------- Hewlett-Packard http://www.hp.com SAMBA Team http://www.samba.org -- http://www.plainjoe.org "Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--
I am playing around with using samba as a domain controller and have a question. If I setup a domain how do I make it so that my servers are only accessible if they logon on to the domain? This is the scenario that I am thinking about. I have a win9*/2000/XP system that I connect to the LAN, I cannot log on to the domain because I don't have an account. I find the IP of a file server on the network and begin to try and gain access by using username/password combo's. How do I prevent this scenario from happening? I am sure the answer is obvious but I don't know what I am looking for. Could someone give me a clue as to what I will need to do? Thanks for any help, Jon