On Fri, 2014-01-31 at 10:48 +0100, Prunk Dump wrote: > So is there a way to send the "samba4password" securely to the clients > ? This is the main samba root password !
A couple of years ago, there was a discussion on this list about sending secret information (such as crypto keys and passowrds) to FAI clients during install. Search the archives. IIRC, the conclusion was that because all information (including any keys and passwords to access other keys and passwords) must come to the client via network, there is no 100% secure way of delivering that information. However, several good alternatives were proposed, such as single-use access to the secrets with logging of all transfers, or using an out-of-band data transfer medium, such as a USB stick. > Ideally, is this possible to be prompted for this password by FAI when > installing the clients ? > > Or it is possible to send a ssh command from the server when the > clients wait for reboot ? Is there a way to get the list of there > waiting clients ? Both of these are possible with some scripting (hooks). For monitoring of progress, check out faimond. There is also a GUI available (faimond-gui) if you prefer. Regards, Toomas Tamm
