Samba + W2K question
Cole Tuininga
cole at tuininga.org
Wed Jul 2 22:52:59 EDT 2003
On Wed, 2003-07-02 at 17:00, bscott at ntisys.com wrote:
> On 2 Jul 2003, at 4:16pm, cole at tuininga.org wrote:
> > Anyhow, the server in question is a debian box. The version of samba
> > from "stable" is 2.2.3a which is a little old.
>
> There's a nasty security hole (a remote root exploit) in versions of Samba
> prior to 2.2.8a. Unless your 2.2.3a contains a back-ported fix, you will
> want to upgrade.
Ooo - thanks for the tip. I'm running debian stable and they're usually
pretty good about this kind of thing, but I don't know for sure if it's
been back ported. Can anybody else comment?
The good news is that the server is behind a nat box, and the only folks
on the inside are fairly technically illiterate. 8)
> Apparently it's not easier to upgrade Samba that way. :-)
*chuckle* Valid argument. Maybe I should just break down and compile a
fresh one.
> > I understand that NT/2K(/XP?) systems need to have a "machine account" set
> > up for them. No problem. The host in question has the system name of
> > "gary". I created a gary$ user ...
>
> Easiest way to do this is to just use the
>
> add user script
>
> directive in smb.conf and have Samba add the users.
Cool - I'll give this a try. Is this the literal config line? Or is
script intended to be replaced by a script name?
> > However, when I enter root/passwd on the NT box, the connection fails ...
>
> Can you do this?
>
> smbclient //linuxserver/anyshare -U root
No - in fact I cannot. I reset the password to something very simple
and did the following from the server itself:
center:~# smbclient //center/homes -U root
added interface ip=192.168.1.14 bcast=192.168.1.255 nmask=255.255.255.0
Password:
Domain=[*******] OS=[Unix] Server=[Samba 2.2.3a-12.3 for Debian]
tree connect failed: NT_STATUS_WRONG_PASSWORD
WTF?
> You might also try turning up the "debug level" in "smb.conf".
Sounds like the right route to go - seems like something is screwed up.
The odd thing is that I can authenticate users against this server from
9X machines just fine...
--
Cole Tuininga <cole at tuininga.org>
More information about the gnhlug-discuss
mailing list