Encrypted passwords really necessary for PDC ?

Janet Dickson janet at bioss.sari.ac.uk
Thu Jan 28 09:36:04 GMT 1999


Hi
	We use Clyde Hoover's npasswd on Solaris boxes as a replacement for the
standard passwd program and have hacked that to call the SAMBA smbpasswd
program.  So when a user changes their password under Solaris smbpasswd
gets updated as well.  We needed to use an Expect script to get round
smbpasswd wanting terminal input, but otherwise it was pretty
straightforward.

	We have been running a Samba 1.9.18p10 server with 'update encrypted =
yes' option to 'collect' users smbpasswds before switching them to our
SAMBA PDC server.

	Janet

*************************************************************************
Janet Dickson                        |
http://www.bioss.sari.ac.uk/~janet
Biomathematics & Statistics Scotland | email: janet at bioss.sari.ac.uk
The King's Buildings, Mayfield Rd    | Telephone: +44 (0) 131 650 4888
Edinburgh EH9 3JZ, Scotland, UK.     | Fax: +44 (0) 131 650 4901
*************************************************************************

> Date: Wed, 27 Jan 1999 08:31:16 -0800 (PST)
> From: Andrew Perrin - Demography <aperrin at demog.Berkeley.EDU>
> To: Ingo Kley <Ingo.Kley at lampebank.de>
> Subject: Re: Encrypted passwords really necessary for PDC ?
> Message-ID: <Pine.GSO.4.02.9901270830110.20367-100000 at davis.QAL.Berkeley.EDU>
> 
> WRONG -- mksmbpasswd only creates the file, but puts blank passwords in
> it. As has been pointed out multiple times on this list and elsewhere,
> there is no way to morph an /etc/passwd file into an smbpasswd file. You
> have to set up one or another hack for keeping them in sync.
> 
> ---------------------------------------------------------------------
> Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
> Department of Demography    -    University of California at Berkeley
> 2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
> http://demog.berkeley.edu/~aperrin --------------------------SEIU1199
> 
> On Thu, 28 Jan 1999, Ingo Kley wrote:
> 
> > > Subject:       Encrypted passwords really necessary for PDC ?
> >
> >
> > > Hello,
> >
> > > I'm trying to switch our old "share-only" setup  of  SAMBA  to  a  PDC
> > > configuration  and  migrating  all our W95 clients to NT/WS, trying to
> > > make them secure.
> > [...]
> > > - if I use  encrypted  passwords,  Samba  will  only  get  those  from
> > > smbpassword and not from Unix /etc/passwd or NIS map, right ? How can
> > > I "copy" my user's passwords from the NIS map to smbpasswd ? I've read
> > > things  along  the  lines  of  "running  for  a  while  with cleartext
> > > passwords" on this list but I don't get it yet.
> > > >
> >
> > Hello,
> >
> > it works like this:
> > cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd
> > After this, the new file smbpasswd includes the passwords.
> >
> > If you are running NIS try this:
> > ypcat passwd  | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd
> >


More information about the samba-ntdom mailing list