Syncning passwords from MIT Kerberos to Samba 3?
simo
idra at samba.org
Thu Dec 8 10:18:04 MST 2011
On Thu, 2011-12-08 at 11:30 -0500, Steve Gaarder wrote:
> In the process of figuring out how to import passwords from MIT Kerberos
> to Samba4's Heimdal, I learned that the arcfour-hmac-md5 kerberos key is
> the same as the Windows NT password hash. So it would seem that I can
> just decrypt and extract that key and put it in the smbpassswd file or
> tdbsam database. I tried it and it seems to work. Of course, there is no
> valid LANMAN password, but that's not an issue since I don't have any old
> clients. Are there any other gotchas?
Nope, they are indeed the same, and arcfour-hmac-md5 enctype was indeed
introduced by Ms in order to allow upgrades from NT4 to Win2000 without
loss of access due to missing credentials.
Simo.
--
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>
More information about the samba-technical
mailing list