Samba domain logon

Justin Bennett justin.bennett at dynabrade.com
Mon Mar 15 10:11:00 EST 2004 

:) everyone has an opinion I won't state mine of MS right now. It 
appears that he added a 'user' on the local pc that is an overide for 
the domain:

"yes, from control panel

add user -> username and xxxxx as domain
group : other (administrators)
ok"

He added a user, but it's not really a user (doesn't show up when I do a remote manager) just lets you authenticate to the domain, then gives you local admin rights for a that user.

see:

http://www.dynabrade.com/jbennett/users.jpg



Justin Bennett
Network Administrator
RHCE (Redhat Certified Linux Engineer)
Dynabrade, Inc.
8989 Sheridan Dr.
Clarence, NY 14031
 



On 03/15/2004 9:45 AM, Carl Yost Jr wrote:

>" This person is on a winblows box?"
>
>LOL this group makes me laugh :)
>
>
>----- Original Message -----
>From: Cyber Source <peter at thecybersource.com>
>Date: Mon, 15 Mar 2004 09:43:21 -0500
>To: nflug at nflug.org
>Subject: Re: Samba domain logon
>
>  
>
>>This person is on a winblows box? anything is possible, especially with 
>>xp. Can you log on from a different windows box there at your place with 
>>this persons credentials and see what you get?
>>
>>Justin Bennett wrote:
>>
>>    
>>
>>>Any way he could have given admin priv. to them on the local box? 
>>>Delegation wizard or something?
>>>
>>>Justin Bennett
>>>Network Administrator
>>>RHCE (Redhat Certified Linux Engineer)
>>>Dynabrade, Inc.
>>>8989 Sheridan Dr.
>>>Clarence, NY 14031
>>>
>>>
>>>
>>>
>>>On 03/15/2004 9:29 AM, Cyber Source wrote:
>>>
>>>      
>>>
>>>>It does sound like it's caching or,
>>>>1. Did you restart smb after changing?
>>>>2. Is there another group with these users in that might be allowing 
>>>>a loophole of some sort?
>>>>
>>>>
>>>>
>>>>Justin Bennett wrote:
>>>>
>>>>        
>>>>
>>>>>As usual I have a weird one.
>>>>>
>>>>>I have a samba 2.2.7 domain controller. Everyone logs onto the 
>>>>>domain. This is our remote europe site. They had admin rights, all 
>>>>>memebers of a @domadm group set as the domain admin group. Over the 
>>>>>weekend I removed most of the users from this group only allowing 
>>>>>one person to be an admin.
>>>>>
>>>>>After that the acting admin over there (an accountant) says people 
>>>>>didn't have their profiles (roaming in the users home).
>>>>>
>>>>>He said he logged in as an admin
>>>>>
>>>>>"and I created user 'user' with xxxx(our domain there) domain giving 
>>>>>administrators rights, then logged in as 'user', and she found all 
>>>>>her settings back again, inclunding printing. "
>>>>>
>>>>>(keep in mind his native language is not english.) I'm not sure what 
>>>>>he did exactly thats why I included it, maybe someone has done 
>>>>>something similar and it rings a bell...
>>>>>
>>>>>I thought he just created local users, however I verified they are 
>>>>>still logging into the domain, however they appear to have admin 
>>>>>rights again.
>>>>>
>>>>>It sounds like he used the GUI tool to try and grant admin rights on 
>>>>>the domain. As far as I know as long as the user isn't in the domadm 
>>>>>group they shouldn't have admin rights correct? Can this be cached 
>>>>>on the machine?
>>>>>
>>>>>Any ideas why they may have admin right still?
>>>>>
>>>>>Justin
>>>>>
>>>>>
>>>>>          
>>>>>
>
>  
>

More information about the nflug mailing list