
Re: Bug#718865: Update and minimize /etc/samba/smbldap-machineadd-gosa



On Mon, Aug 12, 2013 at 07:09:34AM +0200, Arne Sørli wrote:
> [Petter Reinholdtsen]
> > I noticed a really scary thing:
> > Logged in as a student using a teacher's uid with the above command, I'm
> > able to get/put/rename/delete files and dirs, cause I seem to get the
> > smb shell under that uid. Something seems to be misconfigured.
> > 
> > Can someone try to reproduce this behaviour?
> 
> Yes, I got the same behaviour from XP SP3.
> 
> Could log in as a teacher only knowing the teacher uid (using no password) and 
> could then delete files and so on. The same thing for browsing 
> \\TJENER\<username> (not logged in).
 
Most probably all this was due to empty LM and NT password hashes stored 
in LDAP, caused by changes in GOsa 2.7.4 (squeeze version was 2.6.x).

To get the hashes right, /etc/gosa/gosa.conf has to be changed (first 
back up the file).

Replace the string

"perl -MCrypt::SmbHash -e &quot;print join(q[:], ntlmgen \$ARGV[0]), $/;&quot;"

with

'perl -MCrypt::SmbHash -e "print join(q[:], ntlmgen %password), $/;"'

Then all user passwords have to be changed using GOsa. Connections 
should then be possible using the new password; empty passwords should 
fail.

Please test if this works for Windows clients.

Wolfgang

Attachment: signature.asc
Description: Digital signature
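
A check an administrator could run after the password changes, to find accounts that still carry the hashes described in the message above. This is an added example, not part of the original message. It assumes an LDIF export of the user entries with the Samba schema attributes sambaLMPassword and sambaNTPassword; the sample entries and DNs are constructed, and the two constants are the well-known LM and NT hashes of an empty password.

```python
import re

# Well-known hashes of the empty password (standard values, not taken from the message).
EMPTY_LM = "AAD3B435B51404EEAAD3B435B51404EE"
EMPTY_NT = "31D6CFE0D16AE931B73C59D7E0C089C0"

# Constructed sample LDIF export; every DN and uid here is made up.
SAMPLE_LDIF = """\
dn: uid=teacher1,ou=people,dc=example,dc=org
uid: teacher1
sambaLMPassword: AAD3B435B51404EEAAD3B435B51404EE
sambaNTPassword: 31D6CFE0D16AE931B73C59D7E0C089C0

dn: uid=student1,ou=people,dc=example,dc=org
uid: student1
sambaLMPassword: E52CAC67419A9A224A3B108F3FA6CB6D
sambaNTPassword: 8846F7EAEE8FB117AD06BDD830B7586C

dn: uid=teacher2,ou=people,dc=example,dc=org
uid: teacher2
sambaNTPassword:
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per entry (plain values only, no base64)."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if entry:
            yield entry

def audit(text):
    """Return {dn: [findings]} for entries whose Samba hash is empty or hashes ''."""
    report = {}
    for entry in parse_ldif(text):
        findings = []
        # An empty-password LM hash alone can be benign; the NT finding is the decisive one.
        for attr, empty in (("sambalmpassword", EMPTY_LM), ("sambantpassword", EMPTY_NT)):
            for value in entry.get(attr, []):
                if value == "":
                    findings.append(f"{attr}: empty value")
                elif value.upper() == empty:
                    findings.append(f"{attr}: hash of empty password")
        if findings:
            report[entry.get("dn", ["?"])[0]] = findings
    return report

if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, "->", "; ".join(findings))
```

Accounts that remain in the report after their password was changed through GOsa indicate the hash hook is still not producing real hashes.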

