LDAP: Administrator/Groups/RID

Matt Chapman m.chapman at student.unsw.edu.au
Sun Jan 17 13:57:38 GMT 1999

Luke Kenneth Casson Leighton wrote:

> >  lmpassword: 14875687C26E8C2990004151ADA7B438
> >  ntpassword: E735EDF15BD6D35F6187C8DEC377D561
> remember that you have now sent everyone your nt and lm
> cleartext-equivalent passwords, please change them immediately.

Then again, many people send their smbpasswd files to this list, and that
contains much more of the same.

> matt, we *have* to do something about this.

Yep, that much I agree with :-)

Although newer servers do support some cool stuff I think we have very little
chance of doing any sort of passthrough CIFS authentication against a dumb LDAP
server; so we will still need to obtain the cleartext-equivalent hashes at the
Samba server to generate challenge responses there.

At the moment my best suggestion is to use an encrypting LDAP server or SSL.
Better solutions always welcome :-)


Matt Chapman
m.chapman at student.unsw.edu.au

More information about the samba-technical mailing list