Samba + W2K question

Cole Tuininga cole at tuininga.org
Wed Jul 2 22:52:59 EDT 2003


On Wed, 2003-07-02 at 17:00, bscott at ntisys.com wrote:
> On 2 Jul 2003, at 4:16pm, cole at tuininga.org wrote:
> > Anyhow, the server in question is a Debian box.  The version of Samba
> > from "stable" is 2.2.3a, which is a little old.
> 
>   There's a nasty security hole (a remote root exploit) in versions of Samba
> prior to 2.2.8a.  Unless your 2.2.3a contains a back-ported fix, you will
> want to upgrade.

Ooo - thanks for the tip.  I'm running Debian stable and they're usually
pretty good about this kind of thing, but I don't know for sure if it's
been back-ported.  Can anybody else comment?

The good news is that the server is behind a NAT box, and the only folks
on the inside are fairly technically illiterate. 8)

>   Apparently it's not easier to upgrade Samba that way.  :-)

*chuckle*  Valid argument.  Maybe I should just break down and compile a
fresh one.

> > I understand that NT/2K(/XP?) systems need to have a "machine account" set
> > up for them.  No problem.  The host in question has the system name of
> > "gary".  I created a gary$ user ...
> 
>   Easiest way to do this is to just use the
> 
> 	add user script
> 
> directive in smb.conf and have Samba add the users.  

Cool - I'll give this a try.  Is this the literal config line?  Or is
script intended to be replaced by a script name?

> > However, when I enter root/passwd on the NT box, the connection fails ...
> 
>   Can you do this?
> 
> 	smbclient //linuxserver/anyshare -U root

No - in fact I cannot.  I reset the password to something very simple
and did the following from the server itself:

center:~# smbclient //center/homes -U root
added interface ip=192.168.1.14 bcast=192.168.1.255 nmask=255.255.255.0
Password: 
Domain=[*******] OS=[Unix] Server=[Samba 2.2.3a-12.3 for Debian]
tree connect failed: NT_STATUS_WRONG_PASSWORD

WTF?

>   You might also try turning up the "debug level" in "smb.conf".

Sounds like the right route to go - seems like something is screwed up. 
The odd thing is that I can authenticate users against this server from
9X machines just fine...
-- 
Cole Tuininga <cole at tuininga.org>
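
The version question raised in this message, as an added example that is not part of the original post: a shell check that reads the Samba version from the smbclient banner and compares it with 2.2.8a, the fixed release named in the quoted reply. The function names and result labels are hypothetical; a banner with a packaging suffix (such as -12.3) is reported as needing a changelog check, since a back-ported fix does not change the upstream number.

```shell
#!/bin/sh
# Added example: function names and result labels are hypothetical.
FIXED="2.2.8a"   # fixed release named in the thread

# Succeeds when upstream version $1 is older than $2.
# Handles Samba's letter suffix: 2.2.8 < 2.2.8a < 2.2.9.
older_than() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        la = a; sub(/^[0-9.]*/, "", la)      # letter suffix of a
        lb = b; sub(/^[0-9.]*/, "", lb)      # letter suffix of b
        na = split(substr(a, 1, length(a) - length(la)), x, ".")
        nb = split(substr(b, 1, length(b) - length(lb)), y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {           # numeric fields first
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit !((la "") < (lb ""))            # then the letter, as a string
    }'
}

# Classify a server banner line as printed by smbclient.
#   ok             upstream version is 2.2.8a or later
#   upgrade        plain upstream version older than 2.2.8a
#   check-backport older upstream version with a packaging suffix;
#                  the package changelog decides, not the number
#   unknown        no Samba banner found
assess_banner() {
    full=$(printf '%s\n' "$1" |
        sed -n 's/.*Server=\[Samba \([^] ]*\).*/\1/p')
    [ -n "$full" ] || { echo "unknown"; return; }
    upstream=${full%%-*}                     # 2.2.3a-12.3 -> 2.2.3a
    if ! older_than "$upstream" "$FIXED"; then
        echo "ok"
    elif [ "$upstream" != "$full" ]; then
        echo "check-backport"
    else
        echo "upgrade"
    fi
}

# Banner taken from the smbclient output in the message above.
assess_banner 'Domain=[*******] OS=[Unix] Server=[Samba 2.2.3a-12.3 for Debian]'
```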




More information about the gnhlug-discuss mailing list