We run 250 machines in a workgroup environment with samba 2.2.8 (dont ask) and user level security. When we went to set up wpkg we found that we needed a samba 3 server with user level access. At this point the wpkg user credentials were passed correctly between machines when connections were attempted using (as far as I can tell) NTLMv2. Of course the user/pass must exist on both machines, but you dont need guest access.
client NTLMv2 auth = Yes -- Michael Chinn User Support Officer - Information Technology Great Barrier Reef Marine Park Authority PO Box 1379 TOWNSVILLE, QLD 4810 Ph 07 47500874 Fax 07 4772 6093 [EMAIL PROTECTED] ================================================================================ If you have received this transmission in error please notify us immediately by return email and delete all copies. Any unauthorised use, disclosure or distribution of this email is prohibited. ================================================================================ Marco Gaiarin wrote, On 11/06/2007 17:27: > Mandi! Florian Klaempfl > In chel di` si favelave... > > >> Is this a real issue? Having the ability to connect a machine with admin >> access to the network (this is required to setup a fake server) offers a >> lot of other possible DoS attacks (formatting a hard disk of a client PC >> is no more than a DoS attack to this machine). >> > > I'm exactly thinking about this. > > On a 'old domain' (NT4, Samba, W2k in compatibility mode) there's still > a 'machine account' that have to be setted up, and the machine account > have to be initialized with an administrator password (eg, someone in > Domain Admins group). > > But if i've got an account in Domain Admins, nothing in the windows lan > are secure. At this point, using WPKG or not using WPKG it is only a > choiche of the attacker, that have *FULL* control of the lan... > I'm not aware of the existence of attacks to the 'machine account' of > NT4/samba. > > > The question, for me, is another: is the 'workgroup' a supported > environment for WPKG? > If yes, some sort of 'authentication' have to be implemented, or at > least state that a 'share level' password in the share are a minimum > requirement. > > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wpkg-users
