[Samba] design question for small environment
Stefan G. Weichinger
lists at xunil.at
Tue Sep 18 15:19:35 UTC 2018
Am 18.09.18 um 16:33 schrieb L.P.H. van Belle via samba:
> Ah, ok.
>
> Maybe you can do something with the static id mappings on the server.
> Map a computer to user
>
> But besides that, uhm, good luck...
> Stick with the login popup, and save yourself a lot of troubles.
>
> Maybe this wil give you a good hint,
> https://sambaxp.org/fileadmin/user_upload/sambaXP2018-Slides/StefanMetzmacher_sambaxp2018_trusted_domain_support-rev0-compact.pdf
>
> Imo, a hard one to solve.
Yep.
I discussed this with another admin and he came up with "Windows
Anmeldeinformationen" ... maybe "stored passwords" in english?
This is an improvement as it allows to store credentials in a safe(r)
way ... I assume it is hashed and encrypted.
So no more cleartext pw on the client, no more pw-entry at start-time
(at least not for connecting the shares).
OK, if the upstream admin resets the users PW, he gets access to the
samba-shares as well ... but this would be noticed ("hey, my pw doesn't
work anymore").
We will test that in more detail tmrw and check if it is enough.
A first test worked fine (entered servername, user/pw ... batch without
user/pw connects fine)
- additionally I will have to look into the transport crypto: traffic
goes through "hostile" networks ;-)
More information about the samba
mailing list