password chat, sending old password

Kevin Colby kevinc at
Thu Mar 8 17:44:23 GMT 2001

Don't hold your breath.  I believe it is insoluble.  The issue is that
Samba does not even know the original plaintext password.  NT sends only
the hash when authenticating, so Samba cannot send the plaintext original
to yppasswd.  The only way around this is to run Samba on the NIS master
(which does not need the old password), to use something other than NIS,
or to not support Windows password changing and rely on a web interface
or somesuch instead.

	- Kevin Colby
	  kevinc at

Katrin Fitz wrote:
> Thanks for the hint.
> is this problem going to be solved in samba TNG?
> until then, i am going to write a wrapper for the yppasswd
> command which invoces smbpasswd. So passwordchanging from
> Windows is not possible. Users need to use linux therefor.
> >
> > This is a known issue.  IIRC, it is not feasible to do Samba PDC/NIS
> > password changing integration on any machine other than the NIS master
> > for exactly this reason.
> --
> Katrin Fitz                 ------
> Fachhochschule Wedel / PTL

More information about the samba-ntdom mailing list