[Samba] Single sign on with SambaPDC and web server

Philip Washington phwashington at comcast.net
Fri Jan 20 21:08:14 GMT 2006 

Craig White wrote:

>On Wed, 2006-01-18 at 13:16 -0600, Philip Washington wrote:
>  
>
>>Craig White wrote:
>>
>>    
>>
>>>On Tue, 2006-01-17 at 19:01 -0600, Philip Washington wrote:
>>> 
>>>
>>>      
>>>
>>>>We are using SambaPDC-LDAP and we have a Web Interface using PHP to our 
>>>>database.  I have asked our developer to come up with a way to use the 
>>>>password stored in LDAP so we would have the same login throughout our 
>>>>site.  He told me that after a day of looking he couldn't figure out how 
>>>>to translate the Username and Password into the SambaNTPassword or the 
>>>>LM password on the LDAP server.  I was wondering if anyone here could 
>>>>point me in the direction for howto's on this. 
>>>>I thought it was a fairly simple md5 hash of the username and password 
>>>>but apparently not.
>>>>
>>>>   
>>>>
>>>>        
>>>>
>>>----
>>>I'm quite sure that you can find the code in phpldapadmin as that is
>>>capable of creating the hashed password. Also - a google for mkntpasswd
>>>would likely give you a 'c' program to do the same
>>>
>>>Craig
>>>
>>> 
>>>
>>>      
>>>
>>I tried every algorithm with phpldapadmin and compared the results from 
>>this with the results in the SambaNTPassword and SambaLMPassword and 
>>none of the results looked remotely the same.  So it appears to be more 
>>than a simple hash of the password.  The only one I couldn't check was 
>>the DES one. 
>>So it looks like I'll have to figure out the algorithm from mkntpasswd.
>>    
>>
>----
>I didn't think you had any reason to expect different results. The
>sambaNTPassword and sambaLMPassword are hashed differently than the
>other methods. I figured you would have your programmer look at the code
>within phpldapadmin and figure out how they get the sambaNTPassword
>hashed.
>
>As for mkntpasswd - why not just install it and run it and capture the
>result to your program?
>
>Craig
>
>
>  
>
Okay, I didn't realize that the sambaNTPassword and the sambaLMPassword 
could be entered and changed from phpldapadmin.  I was kind of 
scratching my head over this when I looked at the password entries, I 
didn't think this made much since .  But if I were to enter 'secret' 
into the sambaNTPassword in phpldapadmin and it were then to hash it, 
then that makes sense.

Install mkntpasswd and capture the results is probably what will do.

More information about the samba mailing list