Samba - Possible Security Problem

Status
Not open for further replies.

nenenaiad

Technical User
Nov 7, 2006
6
GB
I utilise Samba as the means by which 30 XP based machines can use the services of a Fedora file server.

In the course of finding out why a particular client could not log on to the server, I found that the file server based home directory of a previous user of the XP machine was still accessible.
The XP client was immediately shut down and restarted, but the previous user's home directory was still accessible, and all without logging in to Samba.

Then I stopped and restarted the Samba Server and restarted the client again and it made no difference at all, for all purposes this previous user of the machine was still there and his home folder and files accessible.

All the XP machines have two Windows user accounts, namely an administrator and a student account. I decided to log on to Windows as Administrator and see what the state of play with Samba was. All appeared to work normally, with a click on the Samba Server icon within View Workgroup Computers bringing the usual request for a User Name and Password.

However then logging off administrator and on again as Student produced the same effect once more. I then deleted the Student XP user account and recreated a new account with the same name, and the problem cleared.

I am using this arrangement in a teaching room, and there are obvious security implications in all this. A student starts up an XP machine and, after logging in, goes to log on to the Samba Server to find he is already logged in to someone else's account.

I might add that all machines, file server and network are all shut down overnight.

Has this occurred to you?

Any thoughts and comments, anyone?

Regards

Dave W - nene naiad

 
The Windows machines are logging on to the Samba server using a persistent connection. By doing this, the username/password is stored on the Windows box, therefore making the previous user's shares visible to the next user.

The way to fix this is to either give each user their own account, or to make sure the connection is not persistent.
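
One way to apply the "not persistent" suggestion above on a shared XP account, as an added example that is not part of the original thread: a batch file run at logoff that turns off remembered mappings, drops every SMB connection and checks that none to the server remain. The server name `\\FILESERVER` and the use of the file as a logoff script are assumptions.

```batch
@echo off
rem Added example, not from the thread. Assumed to run as a logoff script
rem for the shared account. \\FILESERVER is a placeholder for the Samba host.
setlocal
set SERVER=\\FILESERVER

rem 1. Stop Windows from remembering new connections across logons.
net use /persistent:no

rem 2. Drop every current connection, including ones without a drive letter.
net use * /delete /yes

rem 3. Verify: fail loudly if the file server still appears in the list.
net use | find /i "%SERVER%" >nul
if not errorlevel 1 (
    echo WARNING: a connection to %SERVER% is still listed.
    net use
    exit /b 1
)
echo No connections to %SERVER% remain.
endlocal
exit /b 0
```

This only covers mappings and live sessions. A password saved with the "Remember my password" box is kept in the account's Stored User Names and Passwords, which `net use` does not clear.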

 
Reply to Cyoung:

Thank you for that.

The user of each XP client has their own username and password which are in sync for both Linux and Samba.

Although I can understand that a previous user's shares remain visible, surely they should not be accessible WITHOUT entry of a username and password, assuming that the previous person had logged off and actually shut the XP machine down.

Typically where machines have been started first thing in a morning then although a previous day's user's shares are visible, clicking on them results in a request for a username and password.

Can I say that if it doesn't work like that doesn't it make a nonsense of the security?

I didn't understand what you mean by the connection being persistent. In the circumstances I have described the client will have logged off and shut down the XP machine and the Server will then have been shut down overnight. Not just the Samba Server, the whole machine.
The following day the user's share from the previous day on certain machines can be accessed WITHOUT logging on to Samba. As stated, I have found that the only way around this is to delete the user account on the XP box and then recreate it with the same name.

Should users be logging off in another way? - How can I make the connection more non-persistent than shutting the whole network down?

Regards & thank you for your reply

Dave
 