Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 14 Jul 2015 10:53:32 -0500
From:      dweimer <dweimer@dweimer.net>
To:        "O. Hartmann" <ohartman@zedat.fu-berlin.de>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Howto create password hash for Windows server 2012 with freeBSD/Samba
Message-ID:  <f714058ef2a471296171bb85ac8e8659@dweimer.net>
In-Reply-To: <20150714173504.24b14c3b.ohartman@zedat.fu-berlin.de>
References:  <20150714123446.3dfc808d@freyja.zeit4.iv.bundesimmobilien.de> <2198a51d3af1d9546e6da2afc70690d9@dweimer.net> <20150714173504.24b14c3b.ohartman@zedat.fu-berlin.de>

next in thread | previous in thread | raw e-mail | index | archive | help
On 07/14/2015 10:35 am, O. Hartmann wrote:
> Am Tue, 14 Jul 2015 09:23:59 -0500
> dweimer <dweimer@dweimer.net> schrieb:
> 
>> On 07/14/2015 5:34 am, O. Hartmann wrote:
>> > Scenario:
>> >
>> > A CURRENT box is to mount a share from a windows server 2012r2 machine
>> > using
>> > autofs(5).
>> >
>> > Setting up the SHAREs on Windows 2012 side and connecting to those
>> > shares via
>> > FreeBSD's mount_smbfs(8) manually went smoothly.
>> >
>> > But when it comes to automated mounting a Windows 2012 share via
>> > automounter
>> > (autofs) I fail. Autofs is setup using mount_smbfs with the "-N"
>> > option.
>> > regarding the documentation /etc/nsmb.conf is looked up for an
>> > appropriate
>> > setup and password=XXXXX field. Cleartext passwords do not work with M$
>> > server
>> > 2012r2. Now I'm looking for a way to generate a "Hash" to put it
>> > into /etc/nsmb.conf.
>> >
>> > Some websites tell the hash is NT MD4 hash. generating a md4 hash with
>> > FreeBSD's onboard-tools is not possible, as far as i can see. crypt(3)
>> > uses the
>> > ability to generate a NT hash depending on the mode set for using the
>> > appropriate hash algorithm, but I can not see how I could use/misuse
>> > passwd or
>> > any related onboard tool to emmit a NT hash.
>> >
>> > Please CC me via email (not subscribing the list) and help and
>> > suggestions are
>> > highly appreciated.
>> >
>> 
>> use:
>> smbutil crypt
>> 
> 
> Thank you for responding.
> 
> I did use smbutil crypt, placed the output in /etc/nsmb.conf (tagged:
> password=$$1XXXXXXXX) as suggested by the manpage.
> 
> Manpage of nsmb.conf reports the user's private config file is
> ~/nsmb.conf, but having
> that file, I get a "no cfg file found" error - it seems the manpage is 
> wrong.
> Having ~/.nsmbrc avoids that error.
> 
> But anyway, only interactive mounting works. No automated one!

I use /etc/nsmb.conf

[WORKSTATION:DWEIMER]
password=$$1...
addr=192.168.5.66

then in /etc/fstab
# Samba File Systems
//dweimer@workstation/Music             /smbfs/workstation/Music     
smbfs   rw,late,-N      0       0
//dweimer@workstation/Documents         /smbfs/workstation/Documents 
smbfs   rw,late,-N      0       0
//dweimer@workstation/Downloads         /smbfs/workstation/Downloads 
smbfs   rw,late,-N      0       0
//dweimer@workstation/Pictures          /smbfs/workstation/Pictures  
smbfs   rw,late,-N      0       0
//dweimer@workstation/Videos            /smbfs/workstation/Videos    
smbfs   rw,late,-N      0       0

I haven't tried getting it to work under a regular user, but this works 
great with one exception, it makes booting take forever when it gets to 
the point it mounts these. Not sure why it takes so long, its fast to 
access the files when mounted. I have been using this setup for a couple 
of years to enable access via the Pydio web application on my server to 
my files from my laptop and iPhone if needed remotely.

-- 
Thanks,
    Dean E. Weimer
    http://www.dweimer.net/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?f714058ef2a471296171bb85ac8e8659>