Bug 5621 - Domain Controller Role Change
Domain Controller Role Change
Status: RESOLVED DUPLICATE of bug 5620
Product: mod_auth_ntlm_winbind
Classification: Unclassified
Component: module
Other Windows 2003
: P3 major
: ---
Assigned To: Gerald (Jerry) Carter
Gerald (Jerry) Carter
Depends on:
  Show dependency treegraph
Reported: 2008-07-17 08:54 UTC by Doug Jacobsen
Modified: 2008-11-17 07:43 UTC (History)
0 users

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Doug Jacobsen 2008-07-17 08:54:49 UTC
Winbind paired with krb5-user is able to change the role of any computer in the domain (when using misconfigured setup files). Even the role of the domain controller.

When writing the config files, krb5.conf and smb.conf  if the domain controller (or any other server) is entered in as the computer, then when you attempt to join the computer to the domain the active directory entry for the controller (or server) is overwritten. 

I recently ran into this issue and took down an entire domain doing this, of course the misconfigured files is my fault, but I felt this was not something that should be able to happen in the first place. If a user attempts to connect as the domain controller there should be an error and the user should not be able to continue with the process, at least this is my opinion of how things should work. But i just feel like you shouldn't be able to overwrite the domain controllers attributes in it's own domain.
Comment 1 Guenther Deschner 2008-11-17 07:43:10 UTC

*** This bug has been marked as a duplicate of 5620 ***