How do you compute sambaLMPassword/sambaNTPassword?
flj at mail.dnttm.ro
Sun Mar 21 00:47:21 GMT 2004
I'm not sure this is the best place to send my question, it's about
development related to Samba, not about development of Samba itself, but I
couldn't think of a better place to ask the question.
Problem: making Domino's LDAP work with Samba, and doing all user
management in Domino.
Domino'S LDAP supports sasl, so Linux authentication can go directly to
Domino. The Windows authentication however doesn't send plain text
passwords, so it cannot be routed to LDAP. Therefore, user management
cannot be done entirely in Lotus Notes, you have to update user accounts
using Samba's user tools, or the fields sambaLMPassword and
sambaNTPassword in the account doc won't get set properly, and without
these fields being set from outside of Samba/Window user management tools
you're forced to use plain text authentication from Windows to Samba - or
am I wrong?
In order to provide single signon and allow for complete user management
using Lotus/Domino, in combination with Samba, I need to fill in the two
fields by hand, when doing a password change in Lotus/Domino. So I need to
know either the exact algorithms used for hashing or where I can find the
funcs which do the hashing in the Samba code, then I'll be able to rebuild
Since these ops I need to do both from a Windows station and potentially
when saving a user account document from a browser, if there are such
funcs, I'd rather call them directly from the libraries where they are.
Are there such funcs? If yes, where are they located? I suppose these
funcs must be available in the Windows dlls and in the Samba libs, so even
if the Domino server runs on Linux I can call them, if Samba is installed.
I had a little look at the code, it seems to me that it's quite some piece
of work to re-implement the two hashing algorithms, especially in such a
weak language like LotusScript (which is what Notes/Domino supports best).
Can you please help me? Or should I send the question to another address?
Background of this problem: many companies use Lotus/Domino as a mail
system and as an application platform. Few would accept to switch from one
setup with two parallel directory systems to another setup with two
parallel directory systems - Windows PDCs + NT Domains/ADS + Domino
address book vs. Samba + OpenLDAP + Domino address book, since nothing
changes regarding the user management overhead. But switching from Windows
PDCs + NT Domains/ADS + Domino address book to Samba + Domino address book
only would be a compelling reason to switch, if further user mangement can
be done in Domino the same way you do user management for Domino users.
The Domino LDAP server is pretty good, and completely elliminating any
need of distinct user management tools for Samba/Windows and Domino is
possible, if only the NT/LM hashes could be set automatically from within
Complex problems have simple, easy to understand wrong answers.
More information about the samba-technical