Re: root password is not stored in /etc/cipux/
Hi,
On Tuesday 12 December 2006 11:37, you wrote:
> Christian Kuelker skrev:
> > Well this is on every woody and sarge system the case.
>
> No, this is not the case. the smbadmin password is set by the script
> /usr/bin/samba-debian-edu-admin, with these lines:
> # Generate Samba_passwd
> SMBPW=$(/usr/bin/makepasswd)
>
> # Generate Crypted password
> CRYPTPW=$(/usr/sbin/slappasswd -u -s $SMBPW)
>
> # Stop openldap
> /etc/init.d/slapd stop
>
> # Stop nscd
> /etc/init.d/nscd stop
So it is a hash in the LDAP. I would not deny,
But do a
less /var/lib/samba/secrets.tdb
(on woody and sarge)
and you will see it in clear text!
> # Add smbadmin user to ldap db
> cat << EOF | /usr/sbin/slapadd
> dn: $BASEDN
> objectClass: top
> objectClass: organizationalRole
> objectClass: simpleSecurityObject
> cn: smbadmin
> description: Samba Administrator
> userPassword: $CRYPTPW
>
> EOF
>
> smbadmin is allowed to add/edit these attributes:
> sambaLMPassword
> sambaNTPassword
> objectClass
> cn
> uid
> uidNumber
> gidNumber
> homeDirectory
> loginShell
> sambaSID
> sambaPrimaryGroupSID
> displayName
> sambaPwdCanChange
> sambaPwdMustChange
> sambaPwdLastSet
> sambaAcctFlags
> sambaGroupType
> sambaPasswordHistory
yes.
Greetings
Christian
Reply to: