[pptp-server] Yes, blank username/password works!

Dread Boy dreadboy at hotmail.com
Fri Mar 2 13:12:59 CST 2001


You are correct, Steve.  I was failing to put in my login username/password.
I was assuming (ASS-outta-U-and-Me-ING) that the dial-up name and password
would do the trick.

It was apples to oranges.

And again, that's correct, using chap-secrets is fine - it's only when using
libsmbpw that problems arise for the blank user/password deal...  Which is a
real drag since I was hoping to keep user list maintenance synced for ease
of use.

>From: "Cowles, Steve" <Steve at SteveCowles.com>
>To: pptp-server at lists.schulte.org
>Subject: RE: [pptp-server] Yes, blank username/password works!
>Date: Fri, 2 Mar 2001 11:19:11 -0600
>
> > -----Original Message-----
> > From: Dread Boy [mailto:dreadboy at hotmail.com]
> > Sent: Friday, March 02, 2001 1:37 AM
> > To: pptp-server at lists.schulte.org; vgill at technologist.com
> > Subject: RE: [pptp-server] Yes, blank username/password works!
> >
> >
> > Yeah, and on top of all this it doesn't seem to matter what I
> > log in as, my username and password don't get carried over to
> > SAMBA for authenticating with server shares.
>
>Let's make sure we are comparing apples to apples here. The username/password
>that you specify in your Windows PPTP dialup profile has NEVER been carried
>over for share access. Please keep the following in mind...
>
>1) The PPTP tunnel uses the user/pass specified in your PPTP dialup profile
>to authenticate the tunnel connection ONLY.
>
>2) Share access uses the user/pass that you specified when you turned on
>your PC and logged in to get to your desktop. FWIW: This same user/pass can
>be specified in your PPTP dialup profile to be used to authenticate the PPTP
>tunnel.
>
> >
> > i.e.  Whether I use a valid username/password or the blank, I
> > still can not access resources (or possibly ACLs) on the
> > servers even with valid usernames.  On my local LAN it's no
> > problem, but remotely, it doesn't seem to know who I am while
> > I'm logged on.
> >
> > For example, when I click a share locally on my SAMBA server,
> > I can get into it and have certain rights based on my username/
> > password.  I don't even have to think about it. "security =
> > user" in /etc/smb.conf. However, when I log in remotely with
> > Windoze using my PPTPD Linux server, when I even try to access
> > the server itself (let alone the share) it keeps asking me for
> > the IPC$ administration password as if it was an NT server.
> > It doesn't matter what I enter here, I can't get any farther.
>
>From the samba docs...
>
>Some people find browsing fails because they don't have the global
>"guest account" set to a valid account.  Remember that the IPC$
>connection that lists the shares is done as guest, and thus you must
>have a valid guest account.
>----------------------------
>
>Also, is the PPTP client's WORKGROUP participation set to match what the
>clients on the LAN are configured to?
>
> >
> > Does PPTPD know my SMB username but not my password, or vice
> > versa?  I thought maybe because it was encrypted using
> > libsmbpw.so that maybe it couldn't figure it out, but then
> > using chap-secrets plain-text passwords don't cut it either.
> >
> > Anyone know what this is all about?
> >
> > Geez, I thought this whole PPTPD Linux server was gonna be at
> > least a weekend of work, but it's turning out to be months
> > worth of work.
> >
>
>With regards to the "subject" line of this thread... let's make sure we are
>comparing apples to apples here. I'd hate to see PopTop/PPPD get the
>reputation of being insecure without the following clarification being
>noted.
>
>1) If you have configured your PopTop/PPPD system to re-direct PPTP tunnel
>authentication to use the libsmbpw.o lib's (smbpasswd), then your system
>appears to be vulnerable to the blank user/pass exploit mentioned in this
>thread.
>
>2) Those of you who are still using the chap-secrets file (no re-direct) for
>tunnel authentication are NOT vulnerable to the blank user/pass exploit
>mentioned in this thread. I just verified this on my PopTop server! I do not
>use the re-direct to libsmbpw.o
>
>Steve Cowles
