Nt passwords
Matthew Keller
keller57 at potsdam.edu
Tue Jun 15 16:03:47 GMT 1999
Luca Menegus wrote:
>
> Hi all,
> I would like to know if it's possible to extract Nt users records
> (along with clear text passwaords) using samba as a BDC and publish them
> to an LDAP SERVER. The problem is that I have Nestscape LDAP server and
> want to upload to it 20000 NT users accounts with their pass. Netscape
> provides an utility wich syncs password changes between NT ad LDAP but
> this utility is only able to grab the password when the user changes it.
>
> I suppose that a BDC recives unencripted pass (or recive the encription
> key) from it's PDC, and as I've seen that BDC support is appearing in
> samba code and LDAP is already there I think I should be ablemto
> replicate Nt accounts in NSLDAP.
> Any help is greatly appriciated.
NT passwords are stored in an encrypted hash, and are "virtually"
unrecoverable. I use the word "virtually" loosely, because one could
attack the cipher (brute-force) to find the password.
Your best option is to force all of the users to "change password on
next logon". This would allow Netscape's LDAP server get a handle on the
password, and aleviate your problem. :)
--
-> Matthew Keller <-
Distributed Computing
Windows/UNIX Support
and Host Services
Kellas Hall
State University of New York at Potsdam
http://mattwork.potsdam.edu/
-
They wouldn't give you the time of day.
They said you weren't a player.
They wouldn't accept your calls.
They are holding on line three.
-
PGP Keys -
http://mattwork.potsdam.edu/crypto/
More information about the samba-ntdom
mailing list