NT/UNIX password synchronization, using LDAP for pasword store.
Luke Kenneth Casson Leighton
lkcl at samba.org
Sat Feb 19 17:49:19 GMT 2000
On Sat, 19 Feb 2000, Luke Howard wrote:
>
> >I intend for the same LDAP directory subtree to be used for
> >authentication store by Samba-TNG running on Linux, so that eventually
> >each entry should have these LDAP attributeTypes
> >
> > lmPassword
> > ntPassword
> > userPassword
>
> For TNG, that will _probably_ be dBCSPwd and unicodePwd, instead
> of lmPassword and ntPassword.
>
> >Is there some feature of Samba which will cause it to synchronize
> >lmPassword/ntPassword to the the userPassword attribute when an NT
> >password changes ? If not, does anyone have any suggestions for how I
> >might proceed ?
>
> Good question. I don't expect that SAMBA gets the new password in the
> clear, but I may be wrong; this is just a guess. If it doesn't, then
yes. unicode cleartext. the old password, however, is _not_ recieved.
> If SAMBA (when acting as a PDC) does get the cleartext password, then
> perhaps all you need is a conversation with the ldappasswd program (included
> with OpenLDAP).
"password chat = " option.
More information about the samba-ntdom
mailing list