[Samba] Samba security issue
Hi everyone. I have a special security risk analyzer that runs on my network. It scans my ports and looks for open vulnerabilities. I know that no one here knows about the security scans but here is what it tells me.

SMB Guest Account Local User Access on port 445.

I assume that I need to disable the Guest account login in Samba. I am not sure how to do this; can someone please explain?

Thanks

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] Samba security issue
On Tue, Dec 21, 2010 at 05:06:33PM -0700, Bryan Boone wrote:

> Hi everyone. I have a special security risk analyzer that runs on my network. It scans my ports and looks for open vulnerabilities. I know that no one here knows about the security scans but here is what it tells me.
>
> SMB Guest Account Local User Access on port 445.
>
> I assume that I need to disable the Guest account login in Samba. I am not sure how to do this; can someone please explain?

Set guest ok = no in the [global] section of your smb.conf, and make sure no other shares redefine it.

Jeremy.
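One way to check the advice above across a whole smb.conf, as an added example that is not part of the original thread: a small audit that reports every share where guest access ends up enabled, either set in the share itself or inherited from [global]. The function names and the sample configuration are constructed for illustration.

```python
import re

TRUE_VALUES = {"yes", "true", "on", "1"}  # smb.conf spellings of an enabled boolean
SYNONYMS = {"public": "guestok"}          # "public" is a synonym for "guest ok"

def parse_smb_conf(text):
    """Return {section: {normalized_parameter: value}} for smb.conf text."""
    sections, current = {}, None
    joined = re.sub(r"\\\r?\n\s*", "", text)  # join backslash-continued lines
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Parameter names are case-insensitive and ignore whitespace.
            key = re.sub(r"\s+", "", name).lower()
            current[SYNONYMS.get(key, key)] = value.strip()
    return sections

def guest_enabled_shares(text):
    """List (share, where_it_was_set) for every share that allows guest access."""
    conf = parse_smb_conf(text)
    inherited = conf.get("global", {}).get("guestok", "no")  # built-in default is no
    findings = []
    for share, params in conf.items():
        if share == "global":
            continue
        if params.get("guestok", inherited).lower() in TRUE_VALUES:
            findings.append((share, "share" if "guestok" in params else "global"))
    return findings

# Constructed sample: [global] disables guest access, two shares turn it back on.
SAMPLE = """
[global]
   workgroup = EXAMPLE
   guest ok = no
[scans]
   path = /srv/scans
   public = yes
[Archive]
   path = /srv/archive
   Guest OK = True
[private]
   path = /srv/private
"""

if __name__ == "__main__":
    for share, source in guest_enabled_shares(SAMPLE):
        print(f"guest access enabled on [{share}] (set in {source})")
```

`testparm -s` prints the configuration as Samba itself parses it and remains the authoritative check.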
Re: [Samba] Security Issue??
On Wed, 7 Jan 2004, Jim O'Neill wrote:

> I have noticed the following behavior when testing out Samba 3.0.1 on RH9 with ldap authentication.
>
> Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two NT4 domains DOM2 and DOM3 also have a user called test1 with the same password as the user in DOM1 (all three users have the same username and password). All servers are on the same local subnet.
>
> When user1 does a logon to the Samba DOM1 (from an XP machine with a machine account in DOM1) he does not have access to DOM2 or DOM3 resources. However a user, test1, on an XP machine belonging to DOM2 can logon to DOM2 and then browse directly to the test1 home share on DOM1, however as expected this user is not recognised by the DOM3 domain.
>
> Have I missed something here or could this possibly be a security issue?

I think you are seeing some transparent authentication because the usernames and passwords between domains are synchronized. I do not believe there is any security issue here. I would change the passwords of the user in the 3 domains and retest.

ciao, jerry

--
Hewlett-Packard - http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song --Switchfoot (2003)

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Security Issue??
I have noticed the following behavior when testing out Samba 3.0.1 on RH9 with ldap authentication.

Linux Samba V3.0.1 set up as PDC for domain DOM1 has a user test1. Two NT4 domains DOM2 and DOM3 also have a user called test1 with the same password as the user in DOM1 (all three users have the same username and password). All servers are on the same local subnet.

When user1 does a logon to the Samba DOM1 (from an XP machine with a machine account in DOM1) he does not have access to DOM2 or DOM3 resources. However a user, test1, on an XP machine belonging to DOM2 can logon to DOM2 and then browse directly to the test1 home share on DOM1, however as expected this user is not recognised by the DOM3 domain.

Have I missed something here or could this possibly be a security issue?

Jim O'Neill
Computer Systems Administrator
Division of Ecosystem Management
School of Environmental Sciences and Natural Resources Management
University of New England
Armidale NSW 2351 Australia
Email: [EMAIL PROTECTED]
Phone: 02 6773 2667
Fax: 02 6773 2769
RE: [Samba] Security issue
Continuing on my previous inquiry, Windows 2000 has the possibility to set numerous permissions on a number of users, but in the linux ext2 file system I only have the possibility to set rwx permissions for owner, group and everybody else. When I have a win2000 roaming profile (stored on ext2fs with samba) and I log on to a different computer, the 'extra' permissions of the NTFS seem to be lost. I have many troubles ppl complaining how file sharing works one day, but the next day not anymore. I really would like to keep the roaming profiles, so any suggestions are welcome to overcome this problem.

Bart.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Jay Ts
Sent: 23 octombrie 2002 15:42
To: Bart
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Security issue

Bart wrote:

> My question is probably more a windows 2000 issue, but since my experience is that linux-related mailing lists result in more usable information, I give this a try.

That's correct, and maybe you should get a copy of Microsoft's Windows 2000 Resource Kit rather than asking Windows-related questions here. (Since you are using Windows 2000 as a workstation, the Professional version of the RK should do it, and you probably don't need the Server RK.)

> Does anybody know how the access control in shared win2000 folders works? I assumed that if you put it on the network with a share, and you would give access rights to the share, this would be sufficient.

No. The way to do it is to configure access rights using ACLs, and then share the folder allowing full control. Or at least, that's the way Microsoft recommends. Another method would be to set the ACLs to allow full control, then set the share permissions, but this is not as fine-grained. (The share permissions apply to all files and directories in the share, whereas ACLs can be set individually.)

In either case, be aware that there are two levels of checking: one at the filesystem level, and another at the sharing level. Samba also works like that, since you can set permissions on individual files, and also set parameters such as 'read only' and 'valid users' in share definitions in the smb.conf file.

Jay Ts
author, Using Samba, 2nd edition
RE: [Samba] Security issue
On Thu, 2002-10-24 at 06:05, Bart wrote:

> Continuing on my previous inquiry, Windows 2000 has the possibility to set numerous permissions on a number of users, but in the linux ext2 file system I only have the possibility to set rwx permissions for owner, group and everybody else. When I have a win2000 roaming profile (stored on ext2fs with samba) and I log on to a different computer, the 'extra' permissions of the NTFS seem to be lost. I have many troubles ppl complaining how file sharing works one day, but the next day not anymore. I really would like to keep the roaming profiles, so any suggestions are welcome to overcome this problem.

you want ACLs on the server

you need a filesystem such as XFS that can support ACLs and a samba compiled --with-acl-support

brad
Re: [Samba] Security issue
> you want ACLs on the server
>
> you need a filesystem such as XFS that can support ACLs and a samba compiled --with-acl-support

Does anyone know if the Debian packages are compiled with ACL support? Is there a place where the compile options for the packages can be found?

Trey Nolen
Re: [Samba] Security issue
On Thu, 2002-10-24 at 09:31, Trey Nolen wrote:

> > you want ACLs on the server
> >
> > you need a filesystem such as XFS that can support ACLs and a samba compiled --with-acl-support
>
> Does anyone know if the Debian packages are compiled with ACL support? Is there a place where the compile options for the packages can be found?

the most recent ones are i think

you can check to be sure by apt-get source samba and look in debian/rules to see what it's calling configure with.

then build your new deb with your preferred options 'fakeroot debian/rules binary'

brad
[Samba] Security issue
Ls,

My question is probably more a windows 2000 issue, but since my experience is that linux-related mailing lists result in more usable information, I give this a try.

I have running a network with win98 and win2000 clients, and a samba server to deal with user level security. When I tried to share a folder on a win2000 machine for full control for me and another user, I had no problem accessing and modifying the files. The other user on the other hand, could not even browse (nor read) the files in the folder.

Does anybody know how the access control in shared win2000 folders works? I assumed that if you put it on the network with a share, and you would give access rights to the share, this would be sufficient. Or do you need to change security rights on the files in the folder as well? Since I am 'administrator' I can maybe modify files more easy in a share.

I hope somebody will be able to help me,

Best regards,
Bart.
Re: [Samba] Security issue
Bart wrote:

> My question is probably more a windows 2000 issue, but since my experience is that linux-related mailing lists result in more usable information, I give this a try.

That's correct, and maybe you should get a copy of Microsoft's Windows 2000 Resource Kit rather than asking Windows-related questions here. (Since you are using Windows 2000 as a workstation, the Professional version of the RK should do it, and you probably don't need the Server RK.)

> Does anybody know how the access control in shared win2000 folders works? I assumed that if you put it on the network with a share, and you would give access rights to the share, this would be sufficient.

No. The way to do it is to configure access rights using ACLs, and then share the folder allowing full control. Or at least, that's the way Microsoft recommends. Another method would be to set the ACLs to allow full control, then set the share permissions, but this is not as fine-grained. (The share permissions apply to all files and directories in the share, whereas ACLs can be set individually.)

In either case, be aware that there are two levels of checking: one at the filesystem level, and another at the sharing level. Samba also works like that, since you can set permissions on individual files, and also set parameters such as 'read only' and 'valid users' in share definitions in the smb.conf file.

Jay Ts
author, Using Samba, 2nd edition
RE: [Samba] Security issue
Bart,

Check the permissions on the unix/linux file system, since access is determined by these permissions. You are probably the owner of the filesystem and the other user is not in the group that was assigned when it was created. Check the samba create mask setting in the smb.conf as well.

Regards,
Skip :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org] On Behalf Of Bart
Sent: Wednesday, October 23, 2002 8:08 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Security issue

Ls,

My question is probably more a windows 2000 issue, but since my experience is that linux-related mailing lists result in more usable information, I give this a try.

I have running a network with win98 and win2000 clients, and a samba server to deal with user level security. When I tried to share a folder on a win2000 machine for full control for me and another user, I had no problem accessing and modifying the files. The other user on the other hand, could not even browse (nor read) the files in the folder.

Does anybody know how the access control in shared win2000 folders works? I assumed that if you put it on the network with a share, and you would give access rights to the share, this would be sufficient. Or do you need to change security rights on the files in the folder as well? Since I am 'administrator' I can maybe modify files more easy in a share.

I hope somebody will be able to help me,

Best regards,
Bart.
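The two levels of checking described in this thread (share settings such as 'valid users' and 'read only', then filesystem permissions), as an added example that is not part of the original messages: a deliberately simplified model that reports which level refuses a request. It assumes plain POSIX mode bits only (no ACLs, write list or force user), and the class names, user "anna" and groups are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Share:
    # Share-level settings from smb.conf (simplified model).
    valid_users: set = field(default_factory=set)  # empty set: no user restriction
    read_only: bool = True                         # Samba's default is read only = yes

@dataclass
class FileMeta:
    owner: str
    group: str
    mode: int  # POSIX permission bits, e.g. 0o660

def fs_bits(user, groups, f):
    """Filesystem level: the first matching class (owner, group, other) decides."""
    if user == f.owner:
        return (f.mode >> 6) & 7
    if f.group in groups:
        return (f.mode >> 3) & 7
    return f.mode & 7

def effective_access(user, groups, share, f):
    """Return (can_read, can_write, level_that_refused_or_None)."""
    if share.valid_users and user not in share.valid_users:
        return (False, False, "share")
    bits = fs_bits(user, groups, f)
    if not bits & 4:
        return (False, False, "filesystem")
    if share.read_only:
        return (True, False, "share")
    if not bits & 2:
        return (True, False, "filesystem")
    return (True, True, None)

# Constructed scenario: the share admits both users, the file is bart:staff, mode 0660.
SHARE = Share(valid_users={"bart", "anna"}, read_only=False)
DOC = FileMeta(owner="bart", group="staff", mode=0o660)

if __name__ == "__main__":
    print(effective_access("bart", {"staff"}, SHARE, DOC))  # owner: read and write
    print(effective_access("anna", {"users"}, SHARE, DOC))  # not in staff: filesystem refuses
    print(effective_access("anna", {"staff"}, SHARE, DOC))  # after joining staff: read and write
```

The second call reproduces the symptom discussed above: the share admits the user, but the file's group does not include them, so nothing can be read.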