Nt passwords

[Matthew Keller]

Luca Menegus wrote:
> 
> Hi all,
>     I would like to know if  it's possible to extract Nt users records
> (along with clear text passwaords) using samba as a BDC and publish them
> to an LDAP SERVER. The problem is that I have Nestscape LDAP server and
> want to upload to it 20000 NT users accounts with their pass. Netscape
> provides an utility wich syncs password changes between NT ad LDAP but
> this utility is only able to grab the password when the user changes it.
> 
> I suppose that a BDC recives unencripted pass (or recive the encription
> key) from it's PDC, and as I've seen that BDC support is appearing in
> samba code and LDAP is already there I think I should be ablemto
> replicate Nt accounts in NSLDAP.
> Any help is greatly appriciated.

	NT passwords are stored in an encrypted hash, and are "virtually"
unrecoverable. I use the word "virtually" loosely, because one could
attack the cipher (brute-force) to find the password.
	
	Your best option is to force all of the users to "change password on
next logon". This would allow Netscape's LDAP server get a handle on the
password, and aleviate your problem. :)

-- 

             -> Matthew Keller <-
            Distributed Computing
             Windows/UNIX Support
              and Host Services
                 Kellas Hall
   State University of New York at Potsdam	
         http://mattwork.potsdam.edu/
-
     They wouldn't give you the time of day.
     They said you weren't a player.
     They wouldn't accept your calls.
     They are holding on line three.
-
 PGP Keys -
    http://mattwork.potsdam.edu/crypto/