On Tue, 2006-01-10 at 00:14 +0100, Javier Fernández-Sanguino Peña wrote:
> Package: samba
> Version: 3.0.21a-1
> Priority: wishlist
> 
> Currently samba's postinst does this if the user says 'yes' to generate
> automatically the smbpasswd file:
> 
>         getent passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd
>         pdbedit -i smbpasswd -e tdbsam
>         rm /etc/samba/smbpasswd
> 
> This means that *all* users, including regular users and system users
> are added in the smbpasswd file. The default smb.conf file has this:
> 
>    invalid users = root
> 
> Which means that 'root' cannot log on to the system through SMB but since
> the PAM configuration for samba is the default:

Actually, it means nothing of the sort.  It is bogus, adds little for
security and until recent work with privileges prevented administrators
from joining machines to the domain.

It simply means that after you have brute-forced the root password (with
samba telling you yes/no to that stage), you can't connect to a share.  

I think it remains there as a historical relic.

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
