SAMBA4 on the Raspberry Pi

Andrew Bartlett abartlet at
Thu Oct 25 15:10:26 MDT 2012

On Thu, 2012-10-25 at 14:55 +0200, steve wrote:
> 'I don't care, no one has the root password so I sleep easy'.

I'll single this out as NOT the answer.  The sam.ldb database (and
secrets.ldb for that matter) contains secret data that, if exposed to an
attacker, allows for a total compromise of the network and everything
that trusts it.

The security of this machine is critical, and as it is trivial to bypass
the root password of a machine under physical control, all reasonable
steps need to be taken to ensure that doesn't happen.  

Naturally, the factor applied from there then comes down to how much the
network matters - a home network running AD for testing is different to
an air-gapped student network and is again different to a publicly
listed company or a bank.  

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
