UNIX/NT passwd sync: Confused

Cemal AKYEL akyel at man.metu.edu.tr
Mon Aug 17 08:19:30 GMT 1998



Gerald W. Carter wrote:

> On Fri, 14 Aug 1998, Cemal AKYEL wrote:
>
> >  * set encrypt passwords=no and update encrypted=yes AND make use of the
> > original passwords and as the users login to the domain smbpasswd file
> > will updated.
>
> You cannot run a Samba PDC using this option.  You can have them connect
> to another samba server and use this option.  Then the smbpasswd entries
> can be copied over to the PDC.

Now I've got another samba server (pwdserver). All of my users are defined in
the /etc/passwd of the pwdserver. Below are from the related smb.conf files:

Original PDC:
security=server
password server=pwdserver
encrypt passwords=yes

pwdserver:
security=user
encrypt passwords=no

>From an NT WS 4.0 (sp3) client if i login as a local user, i can get connected
to the original PDC with the usernames/passwords defined on the pwdserver.

However the original PDC does not accept the membership requests from an NT WS
4.0 client. I assume the smbpasswd will placed on the PDC but not the
pwdserver (since encryption is set to no on the pwdserver)

>
>
> Since the user password change stuff is not implemented yet, it would be
> impossible to implement the "change password on next logon" feature.
>
> > the point that i'm confused is if i follow the 2nd alternative will my
> > client pc's (NT 4.0 sp3) be accepted to the domain (as indicated in the
> > NTDOM faq encrypted passwds should be used for this purpose)?
>
> See notes above.  There is really not a clean solution to this as of yet (
> that I know of ).   Anybody have any good ideas?  Besides running 'Crack'
> as I mention below?
>
> > Is there
> > any program that *fully* (including the original passwords) converts
> > (translates) UNIX style passwd file into smbpasswd?
>
> There is no way to globally transfer the password in /etc/passwd to the
> smbpasswd file.  You could try cracking the passwd file and then scripting
> these over to the smbpasswd file.  However this will not work obviously
> all the time.
>
> Hope this helps,
> j-
> ________________________________________________________________________
>                             Gerald ( Jerry ) Carter
> Engineering Network Services                           Auburn University
> jerry at eng.auburn.edu             http://www.eng.auburn.edu/users/cartegw
>
>        "...a hundred billion castaways looking for a home."
>                                   - Sting "Message in a Bottle" ( 1979 )



--
Cemal AKYEL

mailto:akyel at man.metu.edu.tr
http://www.man.metu.edu.tr/~akyel
phone: +90 (312) 210-2004
fax: +90 (312) 210-1243




More information about the samba-ntdom mailing list