To set the LDAP bind passwd for samba (in secrets.tdb) you must use "smbpasswd -w passwd" It would be nice if smbpasswd would prompt for the password if it wasn't supplied on the command line Rationale is that for the brief time that smbpasswd is running, the password is visible to everyone via /prov/$pid/cmdline, which isn't ideal. This is a security issue. The smbpasswd program should support reading the admin password from a prompt, and also support the -s option (read from stdin.)
Created attachment 1663 [details] add -W option to smbpasswd for interacive or -s enhanced entry of LDAP rootdn passwd The smbpasswd command uses -w (like the ldap* commands) for specifying the rootdn password. Since this requires an argument, I propose introducing -W with no arg to allow for interactive input or stdin (-s) to address the security concerns raised here.
Applied with 12840, thanks. Volker