Security issue No name and pswd required with the same workgroup
Hello ,
When installing a Toshiba laptop w7 with Wifi on my linux suze 42.2 with Samba and creating a common workgroup it happen the toshiba can enter on the server and Samba without any name or password . It can even read or delete a file !!! How can this happen ? My other desktop always needed to create a user on linux and type a password . Thank you for your answers Ger56 |
Hi ger56,
You are correct that this is atypical behaviour in most circumstances. Could you please post some additional details: - User name on the Toshiba laptop for which this automatic access is granted - smb.conf on your linux server - smbpassword and password contents on your linux server ... let's start with that - it'll help members here assist you. |
hello ,
The Toshiba user name has never been created on linux , so no name and no pswd bu it still can entrer into Samba . Smb.conf is standtard without any security add on . Regards ger56 |
Hi ger56,
Is the Toshiba user name the same as for the desktop that already has samba access ? It would still probably help if you would post the contents of your smb.conf. Cheers, |
Hello ,
The user name of the Toshiba does not exist on samba . I will try to post the Smb.conf . Note : I also tried an other laptop Acer with a name that does not exist on samba user list and it can access samba if the workgroup name on windows is the same as the workgroup created on samba . Ger56 |
You should find record of the SMB connection in the Windows event viewer. You should also see the Toshiba in a list of connected SMB users.
|
That might be a SuSE feature.
|
2 Attachment(s)
Hello ,
Oups , seems nobody is connected but still everything runs ! 4 connected with no names : 192.168.1.111 / 112 / 113/ 114 I do not knwo what happens . The only thing I change in the past was the directory used ( share2 ) to home I had only 40mb available on share2 and did not know how to create a directory with available space ..... See attachment : smbconf and smb connexion Regards Ger56 |
There appears to be a pretty serious security hole in the configuration of your server, which is in fact accepting anonymous connections without challenge, and giving them access! :eek:
How long might this have been going on, when you thought that your data was protected, while it very-obviously isn't? |
Hello ,
May be 2 or 3 month that may be the data are not really protected . But first i know what is going on , where is the mistake and how to correct it , Regards ger56 |
Quote:
|
Quote:
Ger56 |
2 Attachment(s)
again in 2 files attached smb.conf
|
Hi ger56 ...
It will be easier for us to examine your smb.conf if you just post the contents between code tags instead of taking pictures. Like this: Code:
.... contents of your smb.conf ..... |
Quote:
the server is only use for sharing files this is why I made some picture I am not using any browser or printer on it . I can re type the smb.conf if you wish but attached pic should be enough ? Ger56 |
All times are GMT -5. The time now is 02:14 AM. |