Samba PDC as a password server
Paul Ashton
paul at argo.demon.co.uk
Tue Apr 28 16:32:17 GMT 1998
jallison at whistle.com said:
> Indeed. You would set up the smbd to sync unix passwords
> and call a local program that set's a users password as
> root, then does a make in the yp domain directory to push
> the changed password out to the NIS slaves.
>
> You still end up with two password files, but users in
> both have the same password.
Just one small problem. I never progressed the password
change protocol from NT client to DC. I figured out how
to disable the RC4 (?) encryption of the RPC by sending
a certain type of NTLMSSP response, but not what the RC4
key was. Have you gotten anywhere with that Jeremy?
If the RPC isn't encrypted then I verified that the
password change protocol is as documented, incidentally
exposing a little hole in that the LM hash is used to
encrypt the new password even if LM-FIX has been applied
to disable the use of it.
Paul
More information about the samba-ntdom
mailing list