[Samba] Samba encrypt passwd
Herb Lewis
herb at sgi.com
Tue May 21 09:44:03 GMT 2002
chimin yen wrote:
>
>
> * I converted /etc/passwd to /etc/samba/smbpasswd using mksmbpasswd.sh
> script.
>
> cat /etc/passwd | mksmbpasswd.sh > smbpasswd
>
This only creates the entries in smbpasswd but does not assign a
password. You need to run the smbpasswd command for each user to
correctly set the password. The methods of creating passwords on
Unix and Windows are not the same and you cannot convert from one
to the other, so the passwords have to be manually created.
> This resulted in a new smbpasswd file:
>
> -rw------- 1 root root 4202 May 21 12:06 smbpasswd
>
> I feel a little uncomfortable about the file permission, there I change the
> mode to 0644 (-rw-r--r--).
>
This was a bad idea. You do not want anyone but root to be able to
access this file (even read-only). Unlike the /etc/passwd file, which
can be read by the world, the smbpasswd file must be protected.
Because of the way MS encrypts the passwords, gaining access to this
file gives you the password equivalent so you can impersonate any
user.
--
======================================================================
Herb Lewis Silicon Graphics
Networking Engineer 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization Mountain View, CA 94043-1351
herb at sgi.com Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
======================================================================
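
An added example, not part of the original message or of Samba: a Python check covering both points in the reply above, the file's owner and mode and the entries that still have no password assigned. The colon-separated field layout, the 32-X placeholder and the NO PASSWORD marker are assumptions based on the smbpasswd(5) file format; the sample entries are constructed.

```python
import os
import stat
import tempfile

# Assumed: the value mksmbpasswd.sh leaves in both hash fields until
# 'smbpasswd <user>' is run for that account.
PLACEHOLDER = "X" * 32

# Constructed sample entries (the hash values are fake).
SAMPLE = (
    "alice:1001:" + PLACEHOLDER + ":" + PLACEHOLDER + ":[U          ]:LCT-00000000:\n"
    "bob:1002:0123456789ABCDEF0123456789ABCDEF:"
    "FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-3CEA1A2B:\n"
)


def audit_smbpasswd(path):
    """Return a list of findings for the smbpasswd file at `path`."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != 0:
        findings.append(f"owner uid is {st.st_uid}, expected 0 (root)")
    if mode & 0o077:  # any group or other bit, including read-only
        findings.append(f"mode {mode:04o} grants group/other access; use 0600")
    with open(path) as fh:
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line or line.startswith("#"):
                continue
            fields = line.split(":")
            if len(fields) < 4:
                findings.append(f"line {lineno}: malformed entry")
                continue
            user, lm, nt = fields[0], fields[2], fields[3]
            if lm == PLACEHOLDER and nt == PLACEHOLDER:
                findings.append(f"{user}: no password set; run 'smbpasswd {user}'")
            elif lm.startswith("NO PASSWORD"):
                findings.append(f"{user}: null password allowed")
    return findings


if __name__ == "__main__":
    # Recreate the situation from the thread: fresh entries, mode 0644.
    demo = os.path.join(tempfile.mkdtemp(), "smbpasswd")
    with open(demo, "w") as out:
        out.write(SAMPLE)
    os.chmod(demo, 0o644)
    for finding in audit_smbpasswd(demo):
        print(finding)
```
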