[Samba] samba-tool and -A option (credentials in file)

Luke Barone lukebarone at gmail.com
Thu Aug 25 20:17:46 UTC 2022

I've seen the -A option for smbclient; here is the manpage that may help:

           This option allows you to specify a file from which to read the
username and password used in the connection. The format of the file is

               username = <value>
               password = <value>
               domain   = <value>

           Make certain that the permissions on the file restrict access
from unwanted users.

On Thu, Aug 25, 2022 at 12:53 PM Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 2022-08-25 at 21:11 +0200, Franta Hanzlík via samba wrote:
> > Hello all,
> >
> > I just build Samba-4.16.4 on Fedora 36 x86_64, as own build with
> > internal Heimdal krb5 (I hope for better stability than with Fedora's
> > MIT krb5).
> > Samba seems working, as well as new AD DC provisioning. Now I want
> > using samba-tool in batch shell script for setting DC DB, and I would
> > like to use admin authentication using a name and password stored in
> > a file - and this is where I came across.
> >
> > The only note that it should work somehow is samba-tool man page,
> > where
> > in '-U|--user' option paragraph is:
> > ...
> > A third option is to use a credentials file which contains the
> > plaintext
> > of the username and password. This option is mainly provided for
> > scripts
> > where the admin does not wish to pass the credentials on the command
> > line
> > or via environment variables. If this method is used, make certain
> > that
> > the permissions on the file restrict access from unwanted users.
> > See the -A for more details.
> I think you have found a bug. I have never really read the samba-tool
> manpage, the information you get from '--help' is usually sufficient. I
> have never come across '-A' and samba-tool, this is probably because
> you do not require it, you can just run kinit and then use kerberos.
> Also when a user logs in, they get a kerberos ticket and you can also
> use the computers ticket for searches etc.
> To put it another way, there is no '-A' option and you do not use a
> credentials file.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list