Results 1 to 5 of 5

Thread: encrypted password in samba credentials file

  1. #1
    Join Date
    Mar 2008
    Location
    Canada
    Beans
    239
    Distro
    Ubuntu 10.04 Lucid Lynx

    encrypted password in samba credentials file

    Hello

    I remember that some time ago I found a guide on the Ubuntu website about adding samba shares to mount at boot via /etc/fstab.

    The guide also mentioned using a credentials file to store the username and password.

    However, the password was encrypted (in md5 I think) and it could not be read directly, but it still worked with fstab mount.

    If I remember correctly, the file contents were similar to this:
    Code:
    useraname = user
    password = --md5 *************
    where ********** was replaced by the encoded password. All was done in terminal.

    Recently I changed computers, and re-installed Ubuntu, but I forgot to save that file so I am not sure about the contents.
    I would like to know how to do this again, but I can't find the guide anymore.

    Does anyone know how to do this?

    Storing the password in plain text in file readable only by root is not acceptable because it can be read by someone mounting the drive from other operating system, and the share cannot be mounted/unmounted by regular users (which is possible with the md5 encrypted password).

  2. #2
    Join Date
    Jul 2006
    Beans
    6

    Re: encrypted password in samba credentials file

    I hate to reopen an old topic, but this post was the only reference to an alternative to storing samba passwords in clear text on the client. I have the same question as alecz20. I can't imagine we are the only two people who share this concern.

    Does anyone know a good way to authenticate *nix clients with a samba file sever without storing passwords in clear text on the client?

    Thanks.

  3. #3
    Join Date
    Nov 2011
    Beans
    1

    Re: encrypted password in samba credentials file

    Still no answers? Anyone? I'd like to know this too...

  4. #4
    Join Date
    Mar 2008
    Location
    Canada
    Beans
    239
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: encrypted password in samba credentials file

    My network topology has changed so I don't nee this that much anymore, but I would still like to have a solution.

    So far I have also found this thread:
    http://ubuntuforums.org/showthread.php?t=1111986

    Essentially, you can use pam_mount to mount the remote filesystem right after the login.

    Quote Originally Posted by albandy View Post
    Explanation of what is PAM:
    http://en.wikipedia.org/wiki/Pluggab...cation_Modules

    how to make pam automount your shared resources:
    first install pam_mount:
    sudo apt-get install libpam-mount
    then edit the file /etc/security/pam_mount.conf.xml
    add something like this:

    <volume fstype="smbfs" server="myserver.mydomain.org" path="shared_folder" mountpoint="/mnt/%(USER)/myremotehome" options="dmask=0700" />

    finally add this to the file /etc/pam.d/gdm
    @include common-pammount
    (it should be added after the line which contents @include common-session)



    in the file /etc/pam.d/common-pammount you can define how pam_mount should work, by default works ok, but you can modify some restrictions as setting it to required to don't allow login if can't mount the share or optional if you want to login anyway.

  5. #5
    Join Date
    Feb 2008
    Location
    Texas
    Beans
    14,703
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: encrypted password in samba credentials file

    If a post is older than a year or so and hasn't had a new reply in that time, instead of replying to it, create a new thread. In the software world, a lot can change in a very short time, and doing things this way makes it more likely that you will find the best information. You may link to the original discussion in the new thread if you think it may be helpful.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •