dchmelik 01-20-2013 12:12 AM

OpenBSD Samba vulnerability
I set up shared folders with Samba & SWAT on OpenBSD 5.2 and accessed them from Slackware and Windows. I decided to restrict the shared folders to one user who has a non-null password. I restarted Samba and was still able to access the folders without login.

rocket357 01-21-2013 02:21 AM

Did you restart smbd and nmbd? Does the user have a valid *samba* password, or just a system password? Can you verify the share config after using swat to make changes (i.e. the actual configuration file, not what swat is telling you)?
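
Added example, not part of either poster's reply: one way to run the check asked for above against the configuration file itself, listing every share that still admits guest connections. The sample config, share names and user are constructed, since the thread's smb.conf is not on the page.

```python
# Added example (not from the thread): list smb.conf shares that still admit guests.
TRUE = {"yes", "true", "1"}
ALIASES = {"public": "guestok", "onlyguest": "guestonly"}  # documented synonyms

def norm(name):
    # smb.conf ignores case and whitespace inside parameter names
    key = "".join(name.split()).lower()
    return ALIASES.get(key, key)

def parse(text):
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and cur is not None:
            key, value = line.split("=", 1)
            cur[norm(key)] = value.strip()
    return sections

def audit(text):
    conf = parse(text)
    defaults = conf.get("global", {})
    findings = []
    # Anything other than "never" lets some failed logins fall back to the guest account.
    if defaults.get("maptoguest", "never").lower() != "never":
        findings.append(("global", "map-to-guest"))
    for name, params in conf.items():
        if name == "global":
            continue
        effective = {**defaults, **params}       # [global] supplies share defaults
        if effective.get("guestok", "no").lower() in TRUE:
            findings.append((name, "guest-ok"))
    return findings

# Constructed sample: a leftover "public" line survives on a share meant for one user.
SAMPLE = """\
[global]
   workgroup = WORKGROUP
   map to guest = Bad User
[shared]
   path = /home/share
   valid users = dave
   Public = Yes
[private]
   path = /home/private
   valid users = dave
"""

if __name__ == "__main__":
    for share, issue in audit(SAMPLE):
        print(f"[{share}] {issue}")
```

Samba's own `testparm -s` prints the configuration as smbd parses it and is the authoritative cross-check for what this script reports.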

dchmelik 01-21-2013 02:36 AM

When I said I restarted samba, I meant '/etc/rc.d/samba,' which, as far as I know, restarts smbd; I do not know what nmbd is. I no longer have the smb.conf and do not recall if I set up a samba password; I thought I just set up a 'guest' folder and it started working, but I might have set up passwords. If I did, they would have been the same as for the users, or blank, but my point is if I removed guest sharing, Windows would be logging in as 'nobody' and should not be able to access these folders anymore that are not owned by 'nobody'... unless I would have had to restart nmbd.

