Hi, I am using a mix of Samba 3.0.13 and 3.0.20 on Linux (basically, Mandrake 10 and 10.2). I haven't tested this yet on the 3.0.20 machines, but on the 3.0.13 machines I'm seeing something very disturbing.
I have set up a number of shares which are accessible only to members of the group "workers". The shares are set to NOT allow guests even read only access. When clicking on the shares in Windows Explore, Samba and/or Windows will prompt the user for a username and password (if the user isn't logged on to his/her Windows workstation with a valid Linux/smb username and password). After supplying a valid username and password, the user can mount the share as a network drive and thereafter all other shares to which he/she has access. However, I have just discovered that if I create a *.bat file, I can run "net use" to mount the share simply by supplying a valid username. I am never prompted for a password (I can include the password in the "net use" line -- i.e., net use M: \\netbiosname\sharename "password" /USER:username But if I simply leave out the "password" the share mounts all the same. And I can read and write to the share. Seems kind of dangerous to me. I know that windows caches lots of usernames and passwords, so I went to the place where Windows stores those things and deleted the listings for the server in question. After completely rebooting the Windows machine, I was still able to log on via "net use" without supplying a password. Has this issue been seen before? Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba