On 12/04/2017 03:36 PM, michael wrote:
On 2017-12-04 17:00, David wrote:
On 12/04/2017 02:33 PM, michael wrote:
I have it working. I don't want the password for the owner of the
share in plain text in a file though. Creating
/home/pi/.smbpasswd with the contents:
username=Test
password=password
domain=somedomain
and chmod 600 isn't good enough.
The password should be salted in this file even if it is password!
Is there a simple way to use an smbpasswd file properly salted
without implementing a full samba server?
The proper tool that I know of is "smbpasswd" as an executable, which
is part of the samba-common-bin package on my system (Debian).
It may have dependencies which includes a full smb server (which I
run), so this may not be helpful information.
dafr
I am most concerned about the password having to be in plaintext when
transmitted over the network. Even if
there is a way without a full samba server deployment to have the
password sent in encrypted form over the
network, that would be great. The server is probably the latest
incarnation of Windows server. I don't
like the idea of having to have a Linux user for every Windows user either.
Sure, I get that, and agree with the concerns. I was looking at the
smbpasswd man page initially and this is why I think you want to use
this utility:
"On a UNIX machine the encrypted SMB
passwords are usually stored in the smbpasswd(5) file."
Now, the problem with the utility is that unless you do something fancy,
you may have to be on the localhost where the share is exported to set /
reset the password as a user. This may not be feasible in your situation
unless there is a web interface that you can front smbpasswd with to
allow users to change passwords.
When mounting a share in a Windows VM on my Linux host, I have to auth
with a pop-up window of user / pass to access the shared directory. I'm
not sure if (and don't believe that) you have to have a Linux account
for the Windows user. They are different password files, but my
experience is also limited to a full samba server, so your needs may be
more an issue than mine.
dafr
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
