On Mon, Aug 12, 2013 at 06:37:19PM +0200, Mike Gabriel wrote: > On So 11 Aug 2013 14:04:26 CEST Wolfgang Schweer wrote: > > >On Sat, Aug 10, 2013 at 11:44:09AM +0200, Petter Reinholdtsen wrote: > >>[Wolfgang Schweer] > >>> Using a normal user account, the failure message is: > >>> > >>> "tree connect failed: NT_STATUS_LOGON_FAILURE"; so the issue is > >>> reproducible. > >> > >>I get this too when I provide the password. But when I just press > >>[enter] on the password prompt, I am logged in and can see my files. > >>I guess Kerberos login work, while password check do not. > > > >Seems to be, cause smbclient -k //tjener/<uid> -U <uid> drops you > >immediatly into a smb shell. > > > >I noticed a really scaring thing: > >Logged in as a student using a teacher's uid with the above command, I'm > >able to get/put/rename/delete files and dirs, cause I seem to get the > >smb shell under that uid. Something seems to be misconfigured. > > > >Can someone try to reproduce this behaviour? > > Reproducible here, as well. To fix at least the security issue for the moment, disable the samba service or add this to the [global] section of smb.conf and restart the service. auth methods = ntdomain Access and logon won't work. Wolfgang
Attachment:
signature.asc
Description: Digital signature