On Wed, 7 Jan 2004, Jim O'Neill wrote:
> I have noticed the following behavior when testing out Samba 3.0.1 on
> RH9 with ldap authentication.
>
> Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two
> NT4 domains DOM2 and DOM3 also have a user called test1 with the same
> password as the user in DOM1 (all three users have the same username and
> password). All servers are on the same local subnet.
>
> When user1 does a logon to the Samba DOM1 (from an XP machine with a
> machine account in DOM1) he does not have access to DOM2 or DOM3
> resources.
>
> However a user, test1, on an XP machine belonging to DOM2 can logon to
> DOM2 and then browse directly to the test1 home share on DOM1, however
> as expected this user is not recognised by the DOM3 domain.
>
> Have I missed something here or could this possibly be a security issue?

I think you are seeing some transparent authentication because
the usernames and passwords between domains are synchronized.
I do not believe there is any security issue here. I would change
the passwords of the user in the 3 domains and retest.

ciao, jerry
----------------------------------------------------------------------
Hewlett-Packard ------------------------- http://www.hp.com
SAMBA Team ---------------------- http://www.samba.org
GnuPG Key ---- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song" --Switchfoot
(2003)