Hello,
I reported problem PR#20895.
So - i use encrypted passwords. All new unix users are appended to
smbpasswd with one script.
Every new user is getting a line like this:
s1077347:2006:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:NO
PASSWORDXXXXXXXXXXXXXXXXXXXXX:[NU ]:LCT-00000000:user name
The parameter null passwords is NO. Every user who has not set their
password can login into Samba NT Domain from NT ws with no password or
with any password. And now i discovered that users who has already SET
!!! their smbpasswords on the unix side with smbpasswd can also login
with a new password, with NO !!! password and with ANY !!! password.
Then i looked at all possible parameter in smbpasswd. there is a string
- :[NU ]:
When there is NU, any user can login with any password, with no password
and with their smbpasswd password. Then i set instead of :[NU ]:
just :[U ], and than everything is working well. But ...
A new user is getting line with [NO_PASSWORD...]:[NU ], because only
than a user can set his password on unix side with smbpasswd. When a new
user gets [NO_PASSWORD...]:[U ], than only ROOT !!! can set
smbpasswd for this user. It is not so comfortable to set smbpasswd as
root for 2000 users. Any ideas ?
--
Have a nice day !
Tomek Jarosinski