samba - Nov 2005 - samba domain vs linux network security

Dear list,

I don't know if it is appropriate to ask here, if it is not, please 
point me to the right lists (suse-linux-e..?)

I am using a samba pdc right now, and we want to start using linux for 
(some) workstations as well. I have exported /home to my subnet, to 
allow access via nfs. (so you will have your home directory available 
both under windows and linux)

Under windows, you have to add a machine to the domain first, and only 
THEN you are able to connect to your home drive.

Under linux, I have to make sure that the user id's match up (ldap, so 
that's no problem) but some similar to "adding a workstation to the 
domain" is not necessary there. Doesn't this make windows networking 
much more secure?

Suppose I (as a regular user) would install my own linux machine, and 
created users and groups with the same id's as the ldap users / groups. 
My understanding now is, that I would be able to read other people's 
data. (I would simply have to find out each users uid, and that would 
allow me to pretend to be that user, and read his/her data)

I hope I am missing something vital here, or will this indeed work? That 
seems like a big security issue to me...

On 11/9/05, mourik jan c heupink <heupink@intech.unu.edu>
wrote:
> Under windows, you have to add a machine to the domain first, and only
> THEN you are able to connect to your home drive.
Unless I'm greatly mistaken, you can connect to network drives from a
computer that's not joined to the domain.
> Suppose I (as a regular user) would install my own linux machine, and
> created users and groups with the same id's as the ldap users / groups.
> My understanding now is, that I would be able to read other people's
> data. (I would simply have to find out each users uid, and that would
> allow me to pretend to be that user, and read his/her data)
Correct.  However, this is a problem with NFS security in particular,
not Linux network security in general.  NFS has been known for a long
time to be not very secure, for precisely the reasons you give.

You have several options.  First, there are steps that you can take to
improve NFS security somewhat, such as restricting it to particular IP
addresses (although IP addresses can be spoofed).  Second, you can use
NFSv4, which supports proper authentication.  Third, you can use an
alternative means of sharing drives to Linux.  I've actually been
using SMB to access my Linux server's drives from my Linux client, to
avoid setting up a separate file-sharing service.  Several other
options exist - including SSHFS (for more of a quick-and-dirty
approach), AFS, and Coda, but I don't have experience with any of
them.

Josh Kelley

what you're talking abo,ut, and what NFS doesn't provide is
authentication.  I.e. making sure you are who you say you are.  I
believe kerberos is commonly used to address this, though I don't know
much about it, other than it can be very challenging to configure.

You are correct that windows domains, with respect to authentication,
are more secure than simple NFS.  I believe this is how it works: when
you authenticate against a windows domain from an authorized machine,
you are presented with a unique token, that, in theory anyway, can't
be forged.  You then present that token to other network assets, such
as  file servers.  Those systems then look at that token to verify
that you are who you say you are.  Then, confident in who you are,
they establish what you're allowed to do, i.e. filesystem permissions,
etc.

NFS by itself trusts that you are who you say you are, and so has no
authentication machanism of its own.  An LDAP directory as an
authentication backend, provides you with an identity, but doesn't
provide you with any thing that can be taken as proof that that
identity was established by a trusted source.

On 11/9/05, mourik jan c heupink <heupink@intech.unu.edu>
wrote:
> Dear list,
>
> I don't know if it is appropriate to ask here, if it is not, please
> point me to the right lists (suse-linux-e..?)
>
> I am using a samba pdc right now, and we want to start using linux for
> (some) workstations as well. I have exported /home to my subnet, to
> allow access via nfs. (so you will have your home directory available
> both under windows and linux)
>
> Under windows, you have to add a machine to the domain first, and only
> THEN you are able to connect to your home drive.
>
> Under linux, I have to make sure that the user id's match up (ldap, so
> that's no problem) but some similar to "adding a workstation to
the
> domain" is not necessary there. Doesn't this make windows
networking
> much more secure?
>
> Suppose I (as a regular user) would install my own linux machine, and
> created users and groups with the same id's as the ldap users / groups.
> My understanding now is, that I would be able to read other people's
> data. (I would simply have to find out each users uid, and that would
> allow me to pretend to be that user, and read his/her data)
>
> I hope I am missing something vital here, or will this indeed work? That
> seems like a big security issue to me...
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.