UNIX/NT passwd sync: Confused
Cemal AKYEL
akyel at man.metu.edu.tr
Mon Aug 17 08:19:30 GMT 1998
Gerald W. Carter wrote:
> On Fri, 14 Aug 1998, Cemal AKYEL wrote:
>
> > * set encrypt passwords=no and update encrypted=yes AND make use of the
> > original passwords and as the users login to the domain smbpasswd file
> > will updated.
>
> You cannot run a Samba PDC using this option. You can have them connect
> to another samba server and use this option. Then the smbpasswd entries
> can be copied over to the PDC.
Now I've got another samba server (pwdserver). All of my users are defined in
the /etc/passwd of the pwdserver. Below are from the related smb.conf files:
Original PDC:
security=server
password server=pwdserver
encrypt passwords=yes
pwdserver:
security=user
encrypt passwords=no
>From an NT WS 4.0 (sp3) client if i login as a local user, i can get connected
to the original PDC with the usernames/passwords defined on the pwdserver.
However the original PDC does not accept the membership requests from an NT WS
4.0 client. I assume the smbpasswd will placed on the PDC but not the
pwdserver (since encryption is set to no on the pwdserver)
>
>
> Since the user password change stuff is not implemented yet, it would be
> impossible to implement the "change password on next logon" feature.
>
> > the point that i'm confused is if i follow the 2nd alternative will my
> > client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the
> > NTDOM faq encrypted passwds should be used for this purpose)?
>
> See notes above. There is really not a clean solution to this as of yet (
> that I know of ). Anybody have any good ideas? Besides running 'Crack'
> as I mention below?
>
> > Is there
> > any program that *fully* (including the original passwords) converts
> > (translates) UNIX style passwd file into smbpasswd?
>
> There is no way to globally transfer the password in /etc/passwd to the
> smbpasswd file. You could try cracking the passwd file and then scripting
> these over to the smbpasswd file. However this will not work obviously
> all the time.
>
> Hope this helps,
> j-
> ________________________________________________________________________
> Gerald ( Jerry ) Carter
> Engineering Network Services Auburn University
> jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
>
> "...a hundred billion castaways looking for a home."
> - Sting "Message in a Bottle" ( 1979 )
--
Cemal AKYEL
mailto:akyel at man.metu.edu.tr
http://www.man.metu.edu.tr/~akyel
phone: +90 (312) 210-2004
fax: +90 (312) 210-1243
More information about the samba-ntdom
mailing list