[Samba] Security Question: passwordless machine accounts

Sean Noonan snoonan at snoonan.com
Tue Nov 5 16:21:01 GMT 2002


Hi folks,

Finally got Samba up and running after many oplock issues and I'm very
pleased.  One "detail" left that bothers me.  I'm running FreeBSD 4.7-STABLE
on our PDC and every night I'm (root) is emailed a security report.  Among
the items reported is:

Checking for passwordless accounts:
.
.
CLIENT01$::1134:1134::0:0:Machine CLIENT01:/dev/null:/sbin/nologin
.

Should I be telling myself this is okay, since it's mitigated by using the
/sbin/nologin shell?  Since the machine has already successfully joined the
domain can I now just assign the machine a password?  Won't that break the
trust relationship already setup?  Can anything be done, or should I just
shrug this one off?

Thanks in advance,

Sean




More information about the samba mailing list