Blank password works for root (Fixed!)

Bill Beeman bbeeman at beemangroup.com
Sat Jan 10 03:12:52 UTC 2004


> [mailto:fedora-list-admin at redhat.com]On Behalf Of Bevan C. Bennett
> Sent: Friday, January 09, 2004 4:01 PM
> To: fedora-list at redhat.com
> Subject: Re: Blank password works for root
>
>
> Bill Beeman wrote:
> >
> > Comes from pam_smb-1.1.7-2
>
> Ah! I'd missed that one.
>
> >>* What changes if you remove the pam_smb_auth line? Do you still have
> >>null access? Do you still have access using the password?
> >>
> >
> > Commenting out the pam_smb_auth line fixes the immediate problem.  No
> > null access, and can log in with the root password.  So perhaps
> > somewhere in the Samba system?  I'm a relative newbie here and don't
> > quite know where to look next.  The offending machine is an upgrade from
> > RH9.  The samba server is still an RH9 box, and is running Samba 2.2.8a.
>
> There's a lot of scary sounding stuff in
> /usr/share/doc/pam_smb-1.1.7/README, particularly regarding the use of
> 'nolocal' to turn off local password file checks. I suspect that your
> samba server is somehow offering an unpassworded 'root' account.
>
> > I really appreciate the help.
>
> No problem. When things slow down it's been good to keep my debugging
> skills fired up. :)
>

Success!

I couldn't find anything in the setup on the samba server that seemed
obvious; recall that the server was a RH9 box running Samba 2.28a, while
the FC1 box was running Samba-common and Samba-client 3.0.0-15.  I
decided to upgrade the server to 3.0.1-2, and the problem vanished.  So
there was something between the versions.  I am almost positive that the
security hole did not exist before the FC1 upgrade to the client.

Many thanks to Bevan, and to all the rest that offered suggestions.

Bill
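
An added example, not part of the original thread: a small Python audit that lists the active auth rules loading pam_smb_auth in a PAM service file, with each rule's control flag and whether the 'nolocal' option mentioned in the README is set. The sample file content and the function names are constructed for illustration; on a real system, pass in the text of the files under /etc/pam.d.

```python
"""List active PAM auth rules that load pam_smb_auth (added example)."""

# Constructed sample of an /etc/pam.d service file; not taken from the thread.
SAMPLE = """\
#%PAM-1.0
auth       required     pam_env.so
auth       sufficient   /lib/security/pam_smb_auth.so use_first_pass nolocal
#auth      sufficient   pam_smb_auth.so
auth       [success=1 default=ignore] pam_smb_auth.so debug
auth       required     pam_unix.so nullok
account    required     pam_unix.so
"""


def parse_pam(text):
    """Yield (lineno, type, control, module, args) for each active rule."""
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if len(fields) < 2:
            continue
        ptype, rest = fields[0].lstrip("-"), fields[1]
        if rest.startswith("["):  # bracketed [value=action ...] control
            control, sep, rest = rest.partition("]")
            control += sep
        else:
            parts = rest.split(None, 1)
            control, rest = parts[0], (parts[1] if len(parts) > 1 else "")
        tokens = rest.split()
        if tokens:
            yield n, ptype, control, tokens[0], tokens[1:]


def find_smb_auth(text):
    """Return one finding per active auth rule that loads pam_smb_auth."""
    return [
        {"line": n, "control": control, "nolocal": "nolocal" in args}
        for n, ptype, control, module, args in parse_pam(text)
        if ptype == "auth" and module.rsplit("/", 1)[-1] == "pam_smb_auth.so"
    ]


if __name__ == "__main__":
    for f in find_smb_auth(SAMPLE):
        print(f"line {f['line']}: control={f['control']} nolocal={f['nolocal']}")
```

A rule reported with control "sufficient" deserves the closest review, since a success from a sufficient module ends the auth stack without consulting the modules after it.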





