Andrew Bartlett wrote:

On Tue, 2002-11-12 at 16:10, John E. Malmberg wrote:

The exception is much more than that - all sorts of things go over IPC$, and they are protected by their individual ACLs. Enumerating users, all sorts of things. Domain logons are a particular thing that occur initially as guest (pipe-level authentication is done on netlogon, likewise password changes are as guest).
Why should I be surprised that the implementation is not consistent with
what they teach at the Microsoft NT System Administration class?

<snip>

There are many sites that have security standards that prohibit a guest account from being enabled.
So what does 'ident' or 'echo' or 'time' run as?
Each runs on their own non-privileged account. If the ident service
gets compromised, the cracker has no access to anything else on the machine.

Same with "echo" or "time". Of course this depends on the TCPIP program
in use, and many of these well-known services are usually not implemented.

Or even SMTP, BIND, IMAP. Even if a security hole is found in one of these, the privileges are limited.

It is not usual on an OpenVMS system for TCP/IP services to run from the
root account or with root privileges.

That is the point of the guest account, Samba needs a user to become,
an unprivileged user that cannot break the entire system if Samba
were to accidentally allow file access, for example.

So you propose having 2 accounts?

We have the 'guest ok' parameter, NT ACLs and the 'restrict anonymous' parameter for controlling this kind of thing. I think adding a new smb.conf option would just break every site out there!
It may need to be something that is better documented especially for OpenVMS users as they appear to have a different view of account management.

I have a better understanding of this now than I did before. The guest account is not really a guest account.

So it all really is a matter of the mapping between a NT security model
and the host security model.

On most other systems, we use the 'nobody' account, which already exists and requires no further configuration. The default configuration for 3.0 has a 'unixsam' backend, which maps this to the
501 rid. So by default, this looks exactly like NT.
The NOBODY account only exists if some UNIX-compatible protocols such as
NFS are enabled.  It cannot be relied on to exist on an OpenVMS system.

So while it may be technically correct that the NT "GUEST" account is used for some functions based on observations, the practice is not consistent with what Microsoft has been telling NT Administrators.
It is consistent with what occurs on the wire, and really, that's the
 best we can do.
The behaviour that I would need to implement on OpenVMS to make SMBD behave as the System Administrators expect is:

To have a SAMBA_GUEST account, but when it is used as an attempt to access a share, the SMBD server would pay attention to the "disabled" flag.

When it is used for the other functions, the "disabled" flag would be ignored.

You indicate that SAMBA is using the "Guest Ok" parameter for this function.

So to make OpenVMS behave as the System Administrators expect, when SMBD checks the "Guest Ok" parameter on the share, the guest account also needs the "enabled" flag set.

I wonder how difficult this would be to implement.

I would like to post a summary of this thread on the SAMBA-VMS list.

I am currently trying to learn enough LINUX to NFS map my VMS development disk to a LINUX system and use RSYNC on LINUX to get live updates on SAMBA, so I can start doing active development again since my move.

-John
[EMAIL PROTECTED]
Personal Opinion Only
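The thread above names the three smb.conf knobs that govern the guest mapping ('guest account', the per-share 'guest ok', and 'restrict anonymous') without showing them together. The fragment below is an added illustration, not configuration posted by either participant nor shipped by the Samba project, of how a site that forbids anonymous share access but still needs the guest user for IPC$ traffic would set them. The share names and the SAMBA_GUEST account name are constructed for the example; the parameter names and values are the Samba 3.0 ones.

```ini
[global]
    ; The host account Samba becomes for guest-level requests.  On UNIX this
    ; is normally 'nobody'; on a system without a 'nobody' user (the OpenVMS
    ; case discussed in the thread) point it at a dedicated unprivileged
    ; account instead.  SAMBA_GUEST is an assumed name for this example.
    guest account = SAMBA_GUEST

    ; unixsam maps the guest account to the well-known RID 501, so on the
    ; wire it looks like the NT Guest account.  (Backend as named in the
    ; thread; later Samba releases replaced it with other backends.)
    passdb backend = unixsam

    ; Only map to guest when the user name is unknown.  'Never' would break
    ; the pipe-level netlogon and password-change traffic that legitimately
    ; starts out as guest over IPC$.
    map to guest = Bad User

    ; 2 = no anonymous enumeration of users or shares over IPC$.
    ; This is the control for "what anonymous can see", separate from
    ; whether any share grants guest file access.
    restrict anonymous = 2

; Weak setting: anyone who connects, named or not, reads this share as the
; guest account.  This is what a "no guest account" site policy forbids.
[public-weak]
    path = /srv/samba/public
    guest ok = yes
    read only = yes

; Corrected setting: guest access denied on every file share; the guest
; account is still used internally for IPC$ (logons, enumeration that the
; pipe ACLs permit) but never for file or printer access.
[public]
    path = /srv/samba/public
    guest ok = no
    read only = yes
    valid users = @staff
```

With `guest ok = no` on every file and printer share, disabling the SAMBA_GUEST account at the host level would have no observable effect on share access, which is the distinction John draws between "guest as a share identity" and "guest as the pipe-level identity" above; `restrict anonymous = 2` then covers the enumeration side that pipe ACLs alone leave open.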
