[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#718865: Update and minimize /etc/samba/smbldap-machineadd-gosa

On Mon, Aug 12, 2013 at 06:37:19PM +0200, Mike Gabriel wrote:
> On So 11 Aug 2013 14:04:26 CEST Wolfgang Schweer wrote:
> >On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote:
> >>[Wolfgang Schweer]
> >>> Using a normal user account, the failure message is:
> >>>
> >>> "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is
> >>> reproducible.
> >>
> >>I get this too when I provide the password.  But when I just press
> >>[enter] on the password prompt, I am logged in and can see my files.
> >>I guess Kerberos login work, while password check do not.
> >
> >Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you
> >immediatly into a smb shell.
> >
> >I noticed a really scaring thing:
> >Logged in as a student using a teacher's uid with the above command, I'm
> >able to get/put/rename/delete files and dirs, cause I seem to get the
> >smb shell under that uid. Something seems to be misconfigured.
> >
> >Can someone try to reproduce this behaviour?
> Reproducible here, as well.

To fix at least the security issue for the moment, disable the samba 
service or add this to the [global] section of smb.conf and restart the 

auth methods = ntdomain

Access and logon won't work.


Attachment: signature.asc
Description: Digital signature

Reply to: