[Pkg-samba-maint] Winbind bugreport

Denis Folcher denis.folcher at gmail.com
Thu Aug 2 10:13:46 BST 2018 

Hello,

I would like to report a kind of hole in the winbind package regarding the
cached login setting.

It has been impossible to me, when the cached login is active and
functional, to figure out where were stored the credentials of users from
an active directory hosted by a W2K8 R2 server

Nb: in the end i need to be sure that when the cached login is disabled
there are no hash stored whatsoever.


For your information, i m using the following:

Linux version 4.9.0-6-amd64 (debian-kernel at lists.debian.org) (gcc version
6.3.0 20170516 (Debian 6.3.0-18+deb9u1) ) #1 SMP Debian 4.9.88-1+deb9u1
(2018-05-07)
Debian GNU/Linux 9 \n \l

libnss-winbind:
  Installé : 2:4.5.12+dfsg-2+deb9u2
  Candidat : 2:4.5.12+dfsg-2+deb9u2
 Table de version :
 *** 2:4.5.12+dfsg-2+deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main
amd64 Packages
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

libpam-winbind:
  Installé : 2:4.5.12+dfsg-2+deb9u2
  Candidat : 2:4.5.12+dfsg-2+deb9u2
 Table de version :
 *** 2:4.5.12+dfsg-2+deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main
amd64 Packages
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

winbind:
  Installé : 2:4.5.12+dfsg-2+deb9u2
  Candidat : 2:4.5.12+dfsg-2+deb9u2
 Table de version :
 *** 2:4.5.12+dfsg-2+deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main
amd64 Packages
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

samba:
  Installé : 2:4.5.12+dfsg-2+deb9u2
  Candidat : 2:4.5.12+dfsg-2+deb9u2
 Table de version :
 *** 2:4.5.12+dfsg-2+deb9u2 500
        500 http://security.debian.org/debian-security stretch/updates/main
amd64 Packages
        500 http://deb.debian.org/debian stretch/main amd64 Packages
        100 /var/lib/dpkg/status

nano /etc/security/pam_winbind.conf
cached_login = yes|no

nano /etc/samba/smb.conf
winbind offline logon = yes|no

Regards,

Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20180802/4f5ad9c8/attachment.html>

More information about the Pkg-samba-maint mailing list