6886 – nmbd in Windows Domain DoS situation

Bug 6886 - nmbd in Windows Domain DoS situation

Summary: nmbd in Windows Domain DoS situation

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 3.4
Classification:	Unclassified
Component:	Nmbd (show other bugs)
Version:	3.4.3
Hardware:	Other Linux

Importance:	P3 major
Target Milestone:	---
Assignee:	Jeremy Allison
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-11-10 17:18 UTC by John H Terpstra (mail address dead(
Modified:	2020-12-22 02:44 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John H Terpstra (mail address dead( 2009-11-10 17:18:04 UTC

There is a problem with nmbd that may need to be fixed.  A Windows server will check if there is a domain master browser / domain controller for the current domain on start-up -  If there is it will refuse to start the server service and the workstation service.  Nmbd does not do this.

Background:
-----------
A Linux admin installed samba-3.4.3 on a Linux system with the intent to migrate the existing Windows domain to Samba.  He configured Samba as a PDC for the existing network domain, started Samba and went to lunch.  When he returned from lunch network users were up in arms, they could not log onto the domain.  MS Windows reported (counter-intuitively) that a domain controller for the domain could not be found.  Samba had become the domain master browser and had effectively nuked the legitimate Windows environment.

Samba admins should NEVER do what this guy did, but Samba got a bad name for clobbering a working environment.

Is there anything we can do to check if there is a pre-existing master browser (or such like check) and prevent nmbd for starting if one is found?  Does that make sense?

- John T.

Comment 1 John H Terpstra (mail address dead( 2010-02-04 14:43:50 UTC

No comments? If this is intended behavior we should update the documentation and close this bug report. Right?

Comment 2 Jeremy Allison 2010-02-04 18:03:48 UTC

It's an enhancement. Let's leave this open and hopefully I'll get to it.
Jeremy.

Comment 3 David Loper 2010-04-09 11:58:46 UTC

We've had many reports and complaints from clients who set their Samba box up as a PDC on the same network as a pre-existing MS Windows domain. They have done this with the expectation that they can transfer files in a migration scenario or an misunderstanding about how domains work and assume interoperability is created when naming the domain the same. Samba does not check to see if there is a domain and forcibly causes unresolvable contention in the namespace. This causes some client workstations to BSOD. We will work to make a work-around that prohibits users from performing this in our UI but there still remains the ability to configure the box offsite and cause this situation and/or manually make a bad entry to the smb.conf which causes this situation.

As it stands, Samba can launch a DoS attack against legitimate installations. This is unacceptable.

Please make a method to check the namespace before starting the daemon.

Comment 4 John H Terpstra (mail address dead( 2010-04-09 12:02:36 UTC

I have increased the severity level in view of the nature of the problem.  It is an enhancement that is necessary to prevent legitimate admins from shooting themselves in the foot.  It is also necessary to prevent illegitimates from giving Samba a bad name.