On Mon, 2007-11-26 at 15:46 -0800, Natalie Li wrote: > Oops ... typo. ads_passwd should be set to the password of > Administrator in your case.
My initial thought was that this might be a security hole, exposing ads_user and ads_passwd to anyone gaining root access. However: bash-3.2# sharectl set -p ads_user=Administrator smb bash-3.2# sharectl set -p ads_passwd=VeryVerySecret smb bash-3.2# sharectl get -p ads_user smb ads_user=QWRtaW5pc3RyYXRvcg== bash-3.2# sharectl get -p ads_passwd smb ads_passwd=VmVyeVZlcnlTZWNyZXQ= bash-3.2# It appears that both are protected by encryption. Administrators will be happy that there isn't a simple way to extract the plain text of both! I can probably persuade an Administrator to enter the password once into: bash-3.2# smbadm join -u Admininstator my.domain.net as it is similar to the Windows procedure. How do I explain the two 'sharectl set -p' commands and convince them that there is no security concern? Also, are these fields maintained automatically when the Administrator password is changed? Finally, is there a reason why the 'smbadm join' command cannot issue the 'sharectl set -p' commands itself so that the password only has to be typed once? Many thanks to all who replied to my questions. I hope that a recipe for CIFS Server in Solaris-AD Integration will join or be linked from Scott Lowe's very useful Active Directory Integration site: http://blog.scottlowe.org/2007/04/19/samba-in-solaris-ad-integration/ http://blog.scottlowe.org/2007/01/15/active-directory-integration-index/ -- John Connett _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
