Must a Samba PDC use encrypted passwords?

Andrew Perrin - Demography aperrin at demog.Berkeley.EDU
Wed Jun 10 18:31:04 GMT 1998

Kevin, how about this as a scheme:

1.) set up the samba server as non-encrypted with update encrypted on for
a while. Put a read-only [homes] share on it.
2.) Put a quick script in the Startup folder of the NT machines that's
something like "cmd /c type \\server\homes\dummy.txt".  This way upon
logging in, each user gets their home directory mounted, thereby updating
your smbpasswd file.
3.) When you're ready, switch to encryption on, and filter the smbpaswd
file with a grep -v XXXXXXX which will give you all the lines that have a
non-blank password.

As an alternative, you could keep a non-encrypted server running and the
item in the startup folder so that new users get their pw created.

Andrew J. Perrin - aperrin at - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA --------------------------SEIU1199

On Thu, 11 Jun 1998, CAE Samba Admin wrote:

> > > 	Well, this is fine and dandy if you are migrating from having
> > > people connect to non-PDC samba box towards a PDC, but when you are
> > > starting out in an homogeneous NT enviornment never having had samba
> > > running for other than test purposes, this is rather pointless as a user
> > > won't be able to sit down at an NT box and type in there username and
> > > password to login without having *first* been in the smbpasswd file. 
> > 
> > ok, then under _these_ circumstances, in a pre-existing NT network, you
> > want to use the PWDUMP utility (by jeremy allison) or its NT server admin
> > / resource kit equivalent (don't know exactly where this is).
> 	True we are going from an existing NT network, but we aren't
> looking to relace NT.  The samba server is on the machine with the campus
> wide user database, so we aren't really migrating from NT either.  We're
> starting from ground zero, and unfortunately there doesn't seem to be any
> clean method to get all the users from the unix passwd database into the
> smbpasswd file.
> 	There are several thousand users in that database and only a few
> hundred will use our lab, which is currently the only one which will be
> authenticating against samba.  We have no way of knowing who exactly those
> few hundred users will be.  We'd just dump everyone into the smbpasswd
> file if we could fine a *secure* way to seemlessly change there smbpasswd
> when they change their unix passwd.  However, there doesn't seem to be a
> mechanism for this yet.
> Kevin

More information about the samba-ntdom mailing list