Hi ,


I found weird mount.cifs behavior .

Having RHEL 5.6 . One Linix user successfully mount his Windows host share locally with the following command :


#sudo /bin/mount -t cifs //windows-host-name/share-name mount_point -o username=domain-name/user1

Since in our LAN Windows hostname reminds Windows account ( 8 characters) another user – say user2 after listing existing mounts may easily guess Windows account and as a result successfully mount user1’s Windows share without password !

As user2 :
##sudo /bin/mount -t cifs //windows-host-name/share-name mount_point -o username=domain-name/user1
#Password:

In both commands windows-host-name and share-name are the same

Any ideas ?

I'd need to know more about the authentication on the windows system. Generally one opens shares read write but protects them by ntfs permissions.

The problem is not on Windows side - I may confirm that the same problem exists when I repeat this trick while mounting to Linux server when the last one is a Windows domain member .

Again , once some user mounted his Windows share anothe user may mount the same share w/o password : he knows windows host,share name and username already used since hostname more or less the same as user account in Windows .