[Samba] Samba encrypt passwd

Herb Lewis herb at sgi.com
Tue May 21 09:44:03 GMT 2002


chimin yen wrote:
> 
> 
>     * I converted /etc/passwd to /etc/samba/smbpasswd using mksmbpasswd.sh
>       script.
> 
>                cat /etc/passwd | mksmbpasswd.sh > smbpasswd
> 

This only creates the entries in smbpasswd but does not assign a
password. You need to run the smbpasswd command for each user to
correctly set the password. The methods of creating passwords on
Unix and Windows are not the same, and you cannot convert from one
to the other, so the passwords have to be manually created.

>        This resulted in a new smbpasswd file:
> 
>                -rw-------    1 root     root         4202 May 21 12:06 smbpasswd
> 
>         I feel a little uncomfortable about the file permission, therefore I
>         changed the mode to 0644 (-rw-r--r--).
> 

This was a bad idea. You do not want anyone but root to be able to
access this file (even read-only). Unlike the /etc/passwd file, which
can be read by the world, the smbpasswd file must be protected.
Because of the way MS encrypts the passwords, gaining access to this
file gives you the password equivalent so you can impersonate any
user.

-- 
======================================================================
Herb Lewis                               Silicon Graphics 
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb at sgi.com                             Tel: 650-933-2177
http://www.sgi.com                       Fax: 650-932-2177          
======================================================================
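
An audit for the two problems raised in this thread, added here as an example and not part of the original message: it checks that an smbpasswd file is closed to group and other, and lists accounts that still carry the placeholder hash from mksmbpasswd.sh. It assumes GNU stat and that unset accounts have both hash fields filled with the letter X; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an smbpasswd file for loose permissions and unset passwords.

# Constructed sample entries (the hash values are fake placeholders, not real hashes).
sample_smbpasswd() {
    cat <<'EOF'
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[UD         ]:LCT-00000000:
bob:1002:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3CEA1234:
EOF
}

# Succeeds only if group and other have no permission bits at all (e.g. 600).
mode_is_private() {
    mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. 600 or 644
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeeds only if the file is owned by uid 0.
owner_is_root() {
    [ "$(stat -c '%u' "$1")" = "0" ]
}

# Print users whose LANMAN and NT hash fields are both still all X's,
# i.e. an entry exists but no password has been set with smbpasswd.
unset_password_users() {
    awk -F: '$1 !~ /^#/ && $3 ~ /^X+$/ && $4 ~ /^X+$/ { print $1 }' "$1"
}

# Report every finding; return non-zero if anything needs fixing.
audit_smbpasswd() {
    f=$1; rc=0
    mode_is_private "$f" || { echo "FAIL: $f is accessible to group/other; chmod 600 $f"; rc=1; }
    owner_is_root "$f"   || { echo "FAIL: $f is not owned by root"; rc=1; }
    for u in $(unset_password_users "$f"); do
        echo "WARN: $u has no SMB password set; run: smbpasswd $u"; rc=1
    done
    return $rc
}

# Usage: sh audit.sh /etc/samba/smbpasswd
if [ $# -gt 0 ]; then audit_smbpasswd "$1"; fi
```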



