SMB bulk add utility
Andrew Bartlett
abartlet at samba.org
Tue Sep 18 01:46:41 GMT 2007
On Mon, 2007-09-17 at 20:21 -0500, Christopher R. Hertel wrote:
> Peter,
>
> The raw password is needed in order to generate the hashes used for Windows
> authentication. If kerberos is supported then there may be an option, but
> for NTLM or NTLMv2 authentication you'll need the NTLM hash. If that's not
> already in eDirectory, then you'll need to generate it and it can only be
> generated from the original password.
>
> That's the nature of security systems. You shouldn't be able to get the raw
> password out of the system. It should only ever go in (and be destroyed
> after it is used).
Happily (?) eDirectory stores a 'universal password' (being the
plaintext), which Samba can obtain, if you have recent versions of both.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070918/bde9ecb2/attachment.bin
More information about the samba-technical
mailing list