Creating private/smbpasswd [was Re: Must a Samba PDC use encrypted passwords?]

CAE Samba Admin caesmb at lab2.cc.wmich.edu
Thu Jun 11 12:20:32 GMT 1998


> Same situation as here.  Thousands of users but so far only about 300
> accessing the NT lab machines.  Here is our solution.  Sorry I can't
> release any code with this explanation.

	Maybe you could give a few hints...?

> Create a custom /bin/passwd that will change the entry in /etc/passwd
> and private/smbpasswd.  Now **force** users to change 
> their unix passwd before giving them access to the NT boxes.  This
> will create the entry in private/smbpasswd or update it if one exists
> and therefore keep the accounts lists in sync.

	Currently we have a custom passwd program that will change both
passwords.  Unfortunately it has to ask the passwd 6 times
(old,new,verify) for both smbpasswd and passwd.  This is unacceptable
because as stated before, most users will never enter our lab.  The extra
passwd change will just confuse the hell out of them.  We would put
everyone from the NIS+ database into the smbpasswd file if we could
seamlessly change their password in the smbpasswd file when they change
their unix password.
	We haven't been able to come up with a secure way to do this.
Sure you can pass smbpasswd the username and password, but if by chance
someone happens to do a "ps" at the moment, the password is exposed.  We
pondered getting the old/new passwords and dumping them to a file then
trying to pipe them into smbpasswd, but quickly dropped that idea as too
messy.

Kevin
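
Added example, not part of the original message or of Samba: one way a wrapper can hand a password to a child program without it showing up in "ps" output or touching a temporary file is to write it down a pipe connected to the child's standard input. The function name run_with_secret_on_stdin is hypothetical, the /bin/sh command is a constructed stand-in, and the sketch assumes the real password tool can read the password from stdin.

```c
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] and write `secret` plus a newline to its standard input.
 * The secret is never placed in the child's argument list, so a process
 * listing cannot show it. Returns the child's exit status, or -1 on error. */
int run_with_secret_on_stdin(char *const argv[], const char *secret)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {     /* make the pipe's read end stdin */
            if (dup2(fds[0], STDIN_FILENO) < 0)
                _exit(127);
            close(fds[0]);
        }
        execv(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[0]);                        /* parent keeps only the write end */
    signal(SIGPIPE, SIG_IGN);             /* a dead child gives EPIPE, not a kill */
    size_t len = strlen(secret);
    int ok = write(fds[1], secret, len) == (ssize_t)len &&
             write(fds[1], "\n", 1) == 1;
    close(fds[1]);                        /* child sees end of input */
    int status;
    if (waitpid(pid, &status, 0) < 0 || !ok || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed stand-in for the password tool: reads one line from stdin. */
    char *const argv[] = { "/bin/sh", "-c", "read p; test \"$p\" = 'example-pw'", NULL };
    printf("child exit status: %d\n", run_with_secret_on_stdin(argv, "example-pw"));
    return 0;
}
```

The pipe lives only in kernel memory between the two processes, so nothing is written to disk and the child's command line carries only the program name and its non-secret arguments.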





More information about the samba-ntdom mailing list