
Re: question regarding samba usage



On Tue, Dec 19, 2000 at 02:39:44PM -0500, Walter Tautz wrote:
> I am trying to get access to a home account on another unix host (solaris)
> to my linux machine. It works pretty well using the smbmount command
> however i would like to have this occur automagically when I login or
> perhaps have the system automount this without my having to type in an extra passwd
> upon logging in. The point is it should not be necessary to have to go beyond
> merely logging in at which point the samba share should already be there or be automounted
> upon the logging in action or perhaps when the machine boots.
> Perhaps smbmount can be told not to prompt for a passwd.

this might be possible with a PAM module, i don't know if it's been
done or not.  or if it's feasible...

> <An Aside>
> Is there any way to make samba look into the unix passwd file other than the smbpasswd
> file. Usually the practice is to run a cronjob and add new userids to the smbpasswd
> file. Would be nice to have these be one facility for authentication.
> </An Aside>

a cronjob cannot add unix accounts to smbpasswd because the cronjob
cannot know what the decrypted password is, this is required to
create the smb hashes.  

it is possible to have samba authenticate against the unix password
file. simply delete the relevant user from the smbpasswd file and hack
the registry on the windows client to enable clear text passwords.  if
you don't use smbpasswd at all set `encrypt passwords = no' (or close
to that..) in samba.conf.  

the smbpasswd crap comes from MS changing win95b, win98, NT4sp4, W2K
etc to send an unsalted password hash instead of the password to the
server, where the hash is compared with the hash stored in the local
password file, if the two hashes match the authentication succeeds.
it's hardly better than sending clear text passwords over the network
since you can simply use the hash *as* the password.  (to make it
worse the hash is rather weak anyway, especially since it's unsalted
which makes it quite easy to brute force)  in short you're not really
losing any security by disabling MS's so called `encryption'.  MS
didn't make this change for security purposes, they made it to break
samba.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpX9lRBKJwrl.pgp
Description: PGP signature
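
The two properties the reply describes (a stored hash that works as the password, and the lack of a salt) are shown below in a toy model. This is an added example, not part of the original message and not Samba or SMB code: SHA-256, HMAC, PBKDF2, the challenge step, and all account names and passwords are assumptions of the sketch.

```python
import hashlib, hmac, os

# Toy stand-ins: SHA-256 is NOT the real SMB hash; it only models "unsalted".
def unsalted_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()

def salted_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

def response_from_hash(stored_hash: bytes, challenge: bytes) -> bytes:
    # The proof is keyed by the hash alone; the password itself is never needed.
    return hmac.new(stored_hash, challenge, hashlib.sha256).digest()

def server_verify(stored_hash: bytes, challenge: bytes, response: bytes) -> bool:
    expected = response_from_hash(stored_hash, challenge)
    return hmac.compare_digest(expected, response)

def shared_records(db: dict) -> list:
    """Groups of users whose stored records are byte-for-byte identical."""
    groups = {}
    for user, record in db.items():
        groups.setdefault(record, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

# Constructed sample accounts (hypothetical users and passwords).
ACCOUNTS = {"alice": "winter2000", "bob": "winter2000", "carol": "s0laris!"}
UNSALTED_DB = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
SALTS = {u: os.urandom(16) for u in ACCOUNTS}
SALTED_DB = {u: salted_hash(p, SALTS[u]) for u, p in ACCOUNTS.items()}

def demo() -> dict:
    challenge = os.urandom(8)
    # Response built by a client that knows the password...
    from_password = response_from_hash(unsalted_hash(ACCOUNTS["alice"]), challenge)
    # ...and one built from nothing but the server's stored record.
    from_record = response_from_hash(UNSALTED_DB["alice"], challenge)
    return {
        "record_alone_authenticates":
            server_verify(UNSALTED_DB["alice"], challenge, from_record),
        "same_as_password_login": from_password == from_record,
        "unsalted_duplicates": shared_records(UNSALTED_DB),
        "salted_duplicates": shared_records(SALTED_DB),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical consequence for an administrator is that a file of unsalted, password-equivalent hashes needs the same protection as a file of clear text passwords.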