[Samba] enable client to join domain with no or any password?

David Mathog mathog at caltech.edu
Tue Aug 17 14:33:25 MDT 2010


I am trying to automate W7 joining to our Samba domain.  It works fine
through the Windows GUI from the W7 workstations.  However, for a script
one would have to store password used for domain access, and since that
is the server's root password, I really don't want to hard code that
into a file.

Is there a way to set (temporarily) a Samba server so that it will
accept (admin/anything) as valid credentials for joining a domain, where
"anything" is any string, not just the password?  

That is, something like this:

server:  set client_machine accept_only_password
(THIS IS THE DEFAULT)
client:  (powershell)
  $myCred = New-Object System.Management.Automation.PSCredential \
     admin,a_string_which_is_NOT_the_password
  Add-Computer SAMBA_domain -cred $myCred
(FAILURE, wrong password)
server:  set client_machine accept_any_password
client:  (powershell)
  Add-Computer SAMBA_domain -cred $myCred
(SUCCESS, wrong password, does not matter)
server:  set client_machine accept_only_password
(CLOSE THE HOLE)

That way the password would never be stored on the client. It should be
safe enough since the security hole is only opened for a single machine,
and then only for a limited time.

Thanks,

David Mathog
mathog at caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech


More information about the samba mailing list