Hello,

I am running Samba 2.2.5 (built from source) on a Linux 7.3 machine. I have Samba set up to use domain authentication and everything is working fine. The security administrator did a scan on the Windows 2000 server being used for authentication. He found a vulnerability attributed to the fact that winbindd needs null sessions on the W2k machine to be enabled (since winbindd sends a null username and null password). Obviously we want to correct this situation.

I thought I could correct it when I created the account for the Samba server on the W2k box by selecting the account group to be "Pre-Windows 2000 Compatible Access". For some reason this did not work. Does anyone know why this didn't work?

Another way around this is to have winbindd send a legitimate username and password by running 'wbinfo -Ausername%password'. This method raises some questions. First, does winbindd send the username and password encrypted? Second, do you have to run 'wbinfo -A..' every time you restart winbindd, or is it sufficient to run it only once?

Thanks for the information.

-Ben
