[Samba] design question for small environment

Stefan G. Weichinger lists at xunil.at
Tue Sep 18 15:19:35 UTC 2018


Am 18.09.18 um 16:33 schrieb L.P.H. van Belle via samba:
> Ah, ok.
> 
> Maybe you can do something with the static id mappings on the server.
> Map a computer to user
> 
> But besides that, uhm, good luck...
> Stick with the login popup, and save yourself a lot of troubles.
> 
> Maybe this wil give you a good hint,
> https://sambaxp.org/fileadmin/user_upload/sambaXP2018-Slides/StefanMetzmacher_sambaxp2018_trusted_domain_support-rev0-compact.pdf
> 
> Imo, a hard one to solve.

Yep.

I discussed this with another admin and he came up with "Windows 
Anmeldeinformationen" ... maybe "stored passwords" in english?

This is an improvement as it allows to store credentials in a safe(r) 
way ... I assume it is hashed and encrypted.

So no more cleartext pw on the client, no more pw-entry at start-time 
(at least not for connecting the shares).

OK, if the upstream admin resets the users PW, he gets access to the 
samba-shares as well ... but this would be noticed ("hey, my pw doesn't 
work anymore").

We will test that in more detail tmrw and check if it is enough.

A first test worked fine (entered servername, user/pw ... batch without 
user/pw connects fine)

- additionally I will have to look into the transport crypto: traffic 
goes through "hostile" networks ;-)



More information about the samba mailing list