samba-users August 2010 archive
Main Archive Page > Month Archives  > samba-users archives
samba-users: [Samba] enable client to join domain with no or any

[Samba] enable client to join domain with no or any password?

From: David Mathog <mathog_at_nospam>
Date: Tue Aug 17 2010 - 20:33:25 GMT
To: samba@lists.samba.org

I am trying to automate W7 joining to our Samba domain. It works fine
through the Windows GUI from the W7 workstations. However, for a script
one would have to store password used for domain access, and since that
is the server's root password, I really don't want to hard code that
into a file.

Is there a way to set (temporarily) a Samba server so that it will
accept (admin/anything) as valid credentials for joining a domain, where
"anything" is any string, not just the password?

That is, something like this:

server: set client_machine accept_only_password
(THIS IS THE DEFAULT)
client: (powershell)
  $myCred = New-Object System.Management.Automation.PSCredential \
     admin,a_string_which_is_NOT_the_password
  Add-Computer SAMBA_domain -cred $myCred
(FAILURE, wrong password)
server: set client_machine accept_any_password
client: (powershell)
  Add-Computer SAMBA_domain -cred $myCred
(SUCCESS, wrong password, does not matter)
server: set client_machine accept_only_password
(CLOSE THE HOLE)

That way the password would never be stored on the client. It should be
safe enough since the security hole is only opened for a single machine,
and then only for a limited time.

Thanks,

David Mathog
mathog@caltech.edu
Manager, Sequence Analysis Facility, Biology Division, Caltech
-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba