Security issue No name and pswd required with the same workgroup

ger56 · 07-17-2017, 09:20 AM

Hello ,

When installing a Toshiba laptop w7 with Wifi on my linux suze 42.2 with Samba and creating a common workgroup it happen the toshiba can enter on the server and Samba without any name or password . It can even read or delete a file !!!

How can this happen ? My other desktop always needed to create a user on linux and type a password .

Thank you for your answers

Ger56

Rickkkk · 07-17-2017, 10:18 AM

Hi ger56,

You are correct that this is atypical behaviour in most circumstances. Could you please post some additional details:

- User name on the Toshiba laptop for which this automatic access is granted

- smb.conf on your linux server

- smbpassword and password contents on your linux server

... let's start with that - it'll help members here assist you.

ger56 · 07-17-2017, 10:30 AM

hello ,

The Toshiba user name has never been created on linux , so no name and no pswd bu it still can entrer into Samba .

Smb.conf is standtard without any security add on .

Regards

ger56

Rickkkk · 07-17-2017, 10:35 AM

Hi ger56,

Is the Toshiba user name the same as for the desktop that already has samba access ?

It would still probably help if you would post the contents of your smb.conf.

Cheers,

ger56 · 07-17-2017, 10:52 AM

Hello ,

The user name of the Toshiba does not exist on samba .

I will try to post the Smb.conf .

Note : I also tried an other laptop Acer with a name that does not exist on samba user list and it can access samba
if the workgroup name on windows is the same as the workgroup created on samba .

Ger56

sundialsvcs · 07-17-2017, 11:10 AM

You should find record of the SMB connection in the Windows event viewer. You should also see the Toshiba in a list of connected SMB users.

AwesomeMachine · 07-17-2017, 05:39 PM

That might be a SuSE feature.

ger56 · 07-18-2017, 05:20 AM

Hello ,

Oups , seems nobody is connected but still everything runs !
4 connected with no names : 192.168.1.111 / 112 / 113/ 114
I do not knwo what happens .

The only thing I change in the past was the directory used ( share2 ) to home
I had only 40mb available on share2 and did not know how to create a directory with available space .....

See attachment : smbconf and smb connexion

Regards

Ger56

sundialsvcs · 07-18-2017, 09:40 AM

There appears to be a pretty serious security hole in the configuration of your server, which is in fact accepting anonymous connections without challenge, and giving them access!

How long might this have been going on, when you thought that your data was protected, while it very-obviously isn't?

ger56 · 07-18-2017, 09:53 AM

Hello ,

May be 2 or 3 month that may be the data are not really protected .

But first i know what is going on , where is the mistake and how to correct it ,

Regards

ger56

wpeckham · 07-18-2017, 09:56 AM

Quote:

Originally Posted by ger56

Hello ,

May be 2 or 3 month that may be the data are not really protected .

But first i know what is going on , where is the mistake and how to correct it ,

Regards

ger56

Without you posting the configurations for samba, there is no way we can tell what might be wrong with the configuration of samba. We will be watching for you to post this information.

ger56 · 07-18-2017, 10:02 AM

Quote:

Originally Posted by wpeckham

Without you posting the configurations for samba, there is no way we can tell what might be wrong with the configuration of samba. We will be watching for you to post this information.

Look at the attached files and screenshot I sent this morning .

Ger56

ger56 · 07-18-2017, 10:15 AM

again in 2 files attached smb.conf

Rickkkk · 07-18-2017, 11:11 AM

Hi ger56 ...

It will be easier for us to examine your smb.conf if you just post the contents between code tags instead of taking pictures. Like this:

Code:

 .... contents of your smb.conf .....

... The code tags are "["code"]" at the beginning and "["/code"]" at the end (omitting the quotation marks).

ger56 · 07-18-2017, 11:50 AM

Quote:

Originally Posted by Rickkkk

Hi ger56 ...

It will be easier for us to examine your smb.conf if you just post the contents between code tags instead of taking pictures. Like this:

Code:

 .... contents of your smb.conf .....

... The code tags are "["code"]" at the beginning and "["/code"]" at the end (omitting the quotation marks).

hello ,

the server is only use for sharing files this is why I made some picture I am not using any browser or printer on it .

I can re type the smb.conf if you wish but attached pic should be enough ?

Ger56