Bug 6886 - nmbd in Windows Domain DoS situation
nmbd in Windows Domain DoS situation
Status: NEW
Product: Samba 3.4
Classification: Unclassified
Component: Nmbd
Other Linux
: P3 major
: ---
Assigned To: Jeremy Allison
Samba QA Contact
Depends on:
  Show dependency treegraph
Reported: 2009-11-10 17:18 UTC by John H Terpstra
Modified: 2010-04-10 02:11 UTC (History)
2 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description John H Terpstra 2009-11-10 17:18:04 UTC
There is a problem with nmbd that may need to be fixed.  A Windows server will check if there is a domain master browser / domain controller for the current domain on start-up -  If there is it will refuse to start the server service and the workstation service.  Nmbd does not do this.

A Linux admin installed samba-3.4.3 on a Linux system with the intent to migrate the existing Windows domain to Samba.  He configured Samba as a PDC for the existing network domain, started Samba and went to lunch.  When he returned from lunch network users were up in arms, they could not log onto the domain.  MS Windows reported (counter-intuitively) that a domain controller for the domain could not be found.  Samba had become the domain master browser and had effectively nuked the legitimate Windows environment.

Samba admins should NEVER do what this guy did, but Samba got a bad name for clobbering a working environment.

Is there anything we can do to check if there is a pre-existing master browser (or such like check) and prevent nmbd for starting if one is found?  Does that make sense?

- John T.
Comment 1 John H Terpstra 2010-02-04 14:43:50 UTC
No comments? If this is intended behavior we should update the documentation and close this bug report. Right?
Comment 2 Jeremy Allison 2010-02-04 18:03:48 UTC
It's an enhancement. Let's leave this open and hopefully I'll get to it.
Comment 3 David Loper 2010-04-09 11:58:46 UTC
We've had many reports and complaints from clients who set their Samba box up as a PDC on the same network as a pre-existing MS Windows domain. They have done this with the expectation that they can transfer files in a migration scenario or an misunderstanding about how domains work and assume interoperability is created when naming the domain the same. Samba does not check to see if there is a domain and forcibly causes unresolvable contention in the namespace. This causes some client workstations to BSOD. We will work to make a work-around that prohibits users from performing this in our UI but there still remains the ability to configure the box offsite and cause this situation and/or manually make a bad entry to the smb.conf which causes this situation.

As it stands, Samba can launch a DoS attack against legitimate installations. This is unacceptable.

Please make a method to check the namespace before starting the daemon.
Comment 4 John H Terpstra 2010-04-09 12:02:36 UTC
I have increased the severity level in view of the nature of the problem.  It is an enhancement that is necessary to prevent legitimate admins from shooting themselves in the foot.  It is also necessary to prevent illegitimates from giving Samba a bad name.