Password sync

Simo Sorce simo.sorce at
Thu Jul 20 08:59:03 GMT 2000

Jean Francois Micouleau wrote:
> On Thu, 20 Jul 2000, Simo Sorce wrote:
> > The problem is not only the Lm hash.
> > The problem is that what goes on the network is the hash (NT hash, LM
> > hash it does not matter).
> No. What goes on the network is a challenge/response. The clear text
> equivalent hashes are not sent directly.
> > If there anyone interested, is there anyone working or knowing a method
> > to replace msgina.dll (the module that do the authentication method) to
> > use with samba PDC and that does not break Domain/Profiles/Permissions
> > behaviours?
> correct way to do it is at the lsa layer and not the gina one.
> If you want stronger security go to NT2K and kerberos.

When the problem with kerberos ticket will be solved I will provide to
that users that want to use w2k workstation an unix kerberos server.
I'm not going to change my
unix/linux box to a problematic|unmaintenable|weak|untrustable w2k
server to do authentication for my users.
Anyway my path is to have a NT4->linux transition than NT4->w2k also for

By the way let the annoying problems/battles to struggle out of the
discussion, I have those NT4 clients and a migration path to anything is
not planned, so I still searching a way to change what layer is needed.
Meanwhile samba is working greatly and let my scripts do very positive

> > I've tested nisgina but as my users really leaps from a machine to
> > another any time It will not work very well (and I do not like much
> > plain NIS as well 8] ).
> nisgina doesn't work at all with roaming profiles as it creates local SID.

I know this, it is the problem with users that change machine I've told
in the post.

>         J.F.

Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at 02 2399 2425 - 02 2399 2451
Be happy, use Linux!

More information about the samba-ntdom mailing list