[SOLVED] Samba accepts ANY password and bypass to Windows Server Machine
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Samba accepts ANY password and bypass to Windows Server Machine
When I try to connect to my Windows Server from Slackware using Samba, I get the password dialog.
I don't enter a password and click connect. The option chosen doesn't matter because this issue is the same.
I get a second (exactly the same) dialog and enter any password or character.
It bypasses and allows me to login into my Windows Server. Yes, my server has a very long..... password and so does my slackware box. This is definitely a security issue. Anyone know how to fix this?
Last edited by PROBLEMCHYLD; 11-30-2018 at 12:49 PM.
Samba can't bypass the security on your Windows Server. That has to be a configuration issue on the server (it'd be a pretty serious bug and security hole if samba could just bypass passwords of Windows Server).
I haven't poked around with Windows Server since Windows 2000 Server, but the first thing I would check would be that all guest access is disabled. Beyond that, someone else would need to pipe in for suggestions.
Samba can't bypass the security on your Windows Server. That has to be a configuration issue on the server (it'd be a pretty serious bug and security hole if samba could just bypass passwords of Windows Server).
I haven't poked around with Windows Server since Windows 2000 Server, but the first thing I would check would be that all guest access is disabled. Beyond that, someone else would need to pipe in for suggestions.
I only have one account on the server and that is the Administrator.
I only have one account on the server and that is the Administrator.
Yes but the guest account can still be enabled for remote services, regardless if its visible on the login screen... What version of windows server are you running? Have you verified the guest account is disabled? The last version of Windows server I have used is 2003.
I only have one account on the server and that is the Administrator.
That still doesn't matter. This can't be an issue with samba. If you're able to get around the security in Windows Server, it is because of a configuration issue with Windows Server or a very serious bug of Windows Server. Samba can only try and connect and the server will either say yes or no.
If you try and log into the LQ forum using Firefox and you put in the wrong password but you still end up signed on, is that a Firefox issue or a server issue? There is no question that it is a server issue.
If you try and log into the LQ forum using Firefox and you put in the wrong password but you still end up signed on, is that a Firefox issue or a server issue? There is no question that it is a server issue.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.