From owner-freebsd-questions@freebsd.org Tue Jul 14 15:35:13 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3BBA89A1EFA; Tue, 14 Jul 2015 15:35:13 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E8283F3; Tue, 14 Jul 2015 15:35:12 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtp (envelope-from ) id <1ZF2Ef-003tNu-OY>; Tue, 14 Jul 2015 17:35:09 +0200 Received: from x5ce121a1.dyn.telefonica.de ([92.225.33.161] helo=thor.walstatt.dynvpn.de) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (envelope-from ) id <1ZF2Ef-00231q-Gd>; Tue, 14 Jul 2015 17:35:09 +0200 Date: Tue, 14 Jul 2015 17:35:04 +0200 From: "O. Hartmann" To: dweimer Cc: freebsd-questions@freebsd.org, owner-freebsd-questions@freebsd.org Subject: Re: Howto create password hash for Windows server 2012 with freeBSD/Samba Message-ID: <20150714173504.24b14c3b.ohartman@zedat.fu-berlin.de> In-Reply-To: <2198a51d3af1d9546e6da2afc70690d9@dweimer.net> References: <20150714123446.3dfc808d@freyja.zeit4.iv.bundesimmobilien.de> <2198a51d3af1d9546e6da2afc70690d9@dweimer.net> Organization: FU Berlin X-Mailer: Claws Mail 3.11.1 (GTK+ 2.24.27; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/de7/RmtO2bZ9KyYqmcBmp8q"; protocol="application/pgp-signature" X-Originating-IP: 92.225.33.161 X-ZEDAT-Hint: A X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Jul 2015 15:35:13 -0000 --Sig_/de7/RmtO2bZ9KyYqmcBmp8q Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Tue, 14 Jul 2015 09:23:59 -0500 dweimer schrieb: > On 07/14/2015 5:34 am, O. Hartmann wrote: > > Scenario: > >=20 > > A CURRENT box is to mount a share from a windows server 2012r2 machine= =20 > > using > > autofs(5). > >=20 > > Setting up the SHAREs on Windows 2012 side and connecting to those=20 > > shares via > > FreeBSD's mount_smbfs(8) manually went smoothly. > >=20 > > But when it comes to automated mounting a Windows 2012 share via=20 > > automounter > > (autofs) I fail. Autofs is setup using mount_smbfs with the "-N"=20 > > option. > > regarding the documentation /etc/nsmb.conf is looked up for an=20 > > appropriate > > setup and password=3DXXXXX field. Cleartext passwords do not work with = M$=20 > > server > > 2012r2. Now I'm looking for a way to generate a "Hash" to put it > > into /etc/nsmb.conf. > >=20 > > Some websites tell the hash is NT MD4 hash. generating a md4 hash with > > FreeBSD's onboard-tools is not possible, as far as i can see. crypt(3)= =20 > > uses the > > ability to generate a NT hash depending on the mode set for using the > > appropriate hash algorithm, but I can not see how I could use/misuse=20 > > passwd or > > any related onboard tool to emmit a NT hash. > >=20 > > Please CC me via email (not subscribing the list) and help and=20 > > suggestions are > > highly appreciated. > >=20 >=20 > use: > smbutil crypt >=20 Thank you for responding. I did use smbutil crypt, placed the output in /etc/nsmb.conf (tagged: password=3D$$1XXXXXXXX) as suggested by the manpage. Manpage of nsmb.conf reports the user's private config file is ~/nsmb.conf,= but having that file, I get a "no cfg file found" error - it seems the manpage is wron= g. Having ~/.nsmbrc avoids that error. But anyway, only interactive mounting works. No automated one! --Sig_/de7/RmtO2bZ9KyYqmcBmp8q Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVpSwoAAoJEOgBcD7A/5N8+hAIAOO7B6fu6g49kDm0TmMBzfoQ d+U9XtKjFJJUwP9IkjWhxrhSLyuj1OWxpn9MqEWSdmB5SSH1LGpvHlsa9dWLtelf c3Gr3vl/Lj+mlWG6GN3JpK5DF25CYOe+o34n32iY/g9kOfPG/2ZDOZMM4NCOciXK Op0fFWfmkRtvrP7FLfmlPj5FEiMF4N9GzOTrXRupNrCBB3i7YCIim/Jx90hEPFsT nt2I+qDmPjD0WL+5tsnprTzULoAJvNnWFJfk/IKyaMV+aPWeAFPU+of13OiKQj9N Uxifs4n/KHuLhQZFy7UM/gxDrE1r/Ex6+4HN15nggkKjaqqrIrRL/fhK6TQ7p+Y= =wXSi -----END PGP SIGNATURE----- --Sig_/de7/RmtO2bZ9KyYqmcBmp8q--