Hello,
Consider the following scenario:
Several workstations or servers that are domain-members contain a local
useraccount (ie. testuser). In the domain also an account named testuser is
defined.
In the above configuration I've experienced the following problem. While
scanning some systems that are members of the domain, nessus tries to login
to the local system using several combinations (username / no password,
username / password=username). This results in two logons per enumerated
account. However the scan also tries to login on the domain using the
locally enumerated account. This means that for the testuser-account,
scanning four domain-members results in eight invalid logins ==> result is
that the domain-account is locked.
As far as I could see, the problem is related to the
smb_login_as_users.nasl. This plugin tries to login using the locally
enumerated accounts and uses the SMB/domain entry from the knowledge base. I
did not define the SMB-domain in my nessusrc-file, however further
investigation turns out that other plugins set the SMB/domain-entry, for
example if NULL-sessions are enabled (true for my configuration), the
smb_login.nasl sets the SMB/domain entry. According to my opinion, because
of NULL-sessions being enabled, the smb_login_as_users.nasl now tries to
authenticate local users against the domain.
Anyone else experienced this problem and if so, any advice on how this can
be solved.
Thanx in advance.
Mike
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now!
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
