NIS + Domain

Can Bican bican at
Fri Apr 9 20:22:17 GMT 1999

	So, the problem is this:
	How can one migrate a UNIX style passwd file to an smbpasswd file? This
seems like not a possible thing since I think there should be a
decryption somewhere.
	But I think I discovered something: Please correct me if I am wrong. If
you enable plain passwords in NT WS registry, and setup the samba server
for plain passwords and password synchronization, then WS's can use
shares with the existing UNIX passwords. But then the WS can't join to
the domain, probably because there is something wrong with changing its
machine password. I thought of two things: First is that the NT WS still
tries to send encrypted password for the machine password. Second is
that NT WS (or samba behalf of the NT WS) cannot change the password if
its entry is at the UNIX style passwd file. Which one should be the
right one?
	I am talking about 20,000 users. You can't give them all a new
password, nor you can wait for all of them to change their passwords to
fill up the empty fields in smbpasswd file.
	I wandered around the source for a short time, and did not observe
different treatment to machine passwords and user passwords, but I might
have missed...
	Any ideas?

Gerhard Klein wrote:
> We use a NT4.0 PDC and want use Samba PDC. You have to turn on password
> encryption and unix password sync. But how to sync NT password and smbpasswd
> first time?
> 1. Idee: Give everybody a new password in smbpasswd and let it change by the
> user.
> 2. Idee: Move NT password from regestrie to smbpasswd. But I don't know how
> to do. Can anybody help?
> Gerhard
> Can Bican schrieb:
> >     We are trying to use samba as a domain controller (just for
> > passwords) for NT workstations. Our main concern is to be able to
> > synchronize NIS passwords.  If we turn off password encryption, machine
> > accounts become unavailable. Conversely, if we turn on password
> > encryption, we cannot use the existing passwords. Is there a way to
> > overcome this? Can samba do the encrypted way for machines and the other
> > way for users, or is it reasonable to patch samba for this?
> --
> mailto:G.Klein at
> Phone: +49 7321 340 368
> Fax: +49 7321 340 363

Can Bican
Bilgi Islem Daire Baskanligi, ODTU
METU Computer Center

More information about the samba-ntdom mailing list