syamsu.alam@showa.co.id
2006-Jun-21 08:44 UTC
[Samba] computer outside domain can access resource to inside
Dear,

I have a PDC server running under Redhat 9 and use Samba 2.2.7. It has been running until now.

As far as I know, users cannot access resources in the network if they don't join the domain. And only an administrator with the root user + password can make users join the domain.

But I have one problem.
There is one user who brings his private notebook. He creates an IP address (same as his office computer), local account and password (same as his account in the PDC) on his notebook. Then he unplugs the LAN cable from his office computer and plugs it into his private notebook. And he can access shared files on other computers.

What's wrong? Please help me.

Thanks,
SA
Wolfgang Ratzka
2006-Jun-21 09:44 UTC
[Samba] computer outside domain can access resource to inside
syamsu.alam@showa.co.id wrote:
> But I have one problem. There is one user who brings his private notebook. He creates an IP
> address (same as his office computer), local account and password (same as his
> account in the PDC) on his notebook. Then he unplugs the LAN cable from his office computer and
> plugs it into his private notebook. And he can access shared files on other computers.
>

A user who has physical access to the network will be able to do all kinds of things. (Samba's behaviour in this case is Windows-NT compatible.)

As for technical means to prevent this kind of thing: Some switches can be configured to shut down a port if they see an unknown MAC address. (Cisco's name for this is "port security". Of course there are ways to circumvent this :-/ ).

--
Wolfgang Ratzka Phone: +49 6421 2823531 FAX: +49 6421 2826994
Uni Marburg, HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html
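
The check that port security performs, as an added example that is not part of the original thread: compare the source MAC seen on each switch port against a registered list and flag a new device that takes over a registered machine's IP address. The input format, port names and addresses are constructed for illustration. As the reply above notes for port security, a check like this only sees the MAC address a device presents.

```python
import re

def normalize_mac(raw):
    """Reduce colon, hyphen or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits

def find_violations(observations, allowed):
    """Return (line_no, port, ip, mac, reason) for every observation whose
    source MAC is not registered for the port it was seen on."""
    allowed = {port: {normalize_mac(m) for m in macs}
               for port, macs in allowed.items()}
    ip_owner = {}  # ip -> registered MAC first seen using it
    violations = []
    for line_no, line in enumerate(observations.strip().splitlines(), 1):
        port, ip, raw_mac = line.split()
        mac = normalize_mac(raw_mac)
        if mac in allowed.get(port, set()):
            ip_owner.setdefault(ip, mac)
            continue
        if ip in ip_owner:
            reason = "unregistered MAC reusing the IP of a registered machine"
        else:
            reason = "unregistered MAC"
        violations.append((line_no, port, ip, mac, reason))
    return violations

# Constructed sample data: registered MACs per switch port (assumed inventory).
ALLOWED = {"Fa0/1": ["00:11:22:33:44:55"], "Fa0/2": ["0011.2233.4466"]}

# Constructed observations, one per line: switch port, source IP, source MAC.
# Line 3 is the notebook plugged in where the office computer used to be.
OBSERVED = """
Fa0/1 192.168.1.20 00-11-22-33-44-55
Fa0/2 192.168.1.21 00:11:22:33:44:66
Fa0/1 192.168.1.20 00:AA:BB:CC:DD:EE
Fa0/2 192.168.1.21 0011.2233.4466
"""

if __name__ == "__main__":
    for violation in find_violations(OBSERVED, ALLOWED):
        print(violation)
```
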
Ian Clancy
2006-Jun-21 12:51 UTC
[Samba] computer outside domain can access resource to inside
Syamsu,

You need to have winbind running on your PDC and also on any of your domain member servers. Otherwise, anyone with a username on their private PC that already exists on the Domain will be able to access resources as this user.

--
Ian Clancy
IT Co-ordinator
Connaught Electronics Ltd.
Dunmore Rd, Tuam, Co. Galway, Ireland.
P : ++353 93 23151
F : ++353 93 23110
E : mailto:clancyian@cel.ie
W : http://www.cel-europe.com

syamsu.alam@showa.co.id wrote:
>Dear,
>
>I have a PDC server running under Redhat 9 and use Samba 2.2.7. It has been running until now.
>
>As far as I know, users cannot access resources in the network if they don't join the domain. And only an administrator with the root user + password can make users join the domain.
>
>But I have one problem.
>There is one user who brings his private notebook. He creates an IP address (same as his office computer), local account and password (same as his account in the PDC) on his notebook. Then he unplugs the LAN cable from his office computer and plugs it into his private notebook. And he can access shared files on other computers.
>
>What's wrong? Please help me.
>
>Thanks,
>SA