Mounting to Windows share with domain user w/o password !?
Hi ,
I found weird mount.cifs behavior . Having RHEL 5.6 . One Linix user successfully mount his Windows host share locally with the following command : #sudo /bin/mount -t cifs //windows-host-name/share-name mount_point -o username=domain-name/user1 Since in our LAN Windows hostname reminds Windows account ( 8 characters) another user – say user2 after listing existing mounts may easily guess Windows account and as a result successfully mount user1’s Windows share without password ! As user2 : ##sudo /bin/mount -t cifs //windows-host-name/share-name mount_point -o username=domain-name/user1 #Password: In both commands windows-host-name and share-name are the same Any ideas ? |
I'd need to know more about the authentication on the windows system. Generally one opens shares read write but protects them by ntfs permissions.
|
The problem is not on Windows side - I may confirm that the same problem exists when I repeat this trick while mounting to Linux server when the last one is a Windows domain member .
Again , once some user mounted his Windows share anothe user may mount the same share w/o password : he knows windows host,share name and username already used since hostname more or less the same as user account in Windows . |
All times are GMT -5. The time now is 10:53 AM. |