NT Domain logon
nneul at umr.edu
Fri Oct 31 00:15:37 GMT 1997
On Thu, Oct 30, 1997 at 11:31:35PM +0000, Luke Kenneth Casson Leighton wrote:
> On Fri, 31 Oct 1997, Nathan Neulinger wrote:
> > First, a couple of questions - are encrypted passwords absolutely necessary?
> the only way is to find out if the SAM database can support clear-text
> passwords or not. we're mirroring SAM databases, which are based on
> encrypted passwords.
> effectively what we are implementing is NT's "Local Security Authority"
> SAM Service - LSASS.EXE.
So basically what you're saying is that smbd never receives a cleartext
version of the password, or never has enough data in its possession to
calculate the cleartext?
Is the cleartext password support in NT limited to the mounting of
shares? (i.e. Does the domain controller interface not support cleartext
> if you can get hold of an alternative login system, for example Novell's
> Local Security Authority, and ask them to provide full documentation on
> their over-the-wire protocol, then we will implement this.
The problem is, I thought this didn't log you into NT unless your NT
password was the same.
We were hoping to do all this without replacing the GINA module. We've
got the source and such for a couple example GINA modules that we'd be
able to use if we had to.
If we have to replace the GINA module, we'll just authenticate directly
to AFS and not bother with SAMBA at all (sorry :), since at that point
we'd have direct AFS access on the station. Or, if we wanted to go
the cheap route, just authenticate to any central auth server
The big thing we're trying to gain is:
1. 1 step logon
2. Centralized SINGLE password database
3. All users everywhere (not having to define a local NT userid for
every user we want to allow to log in.)
Nathan Neulinger Univ. of Missouri - Rolla
EMail: nneul at umr.edu Computer Center
WWW: http://www.umr.edu/~nneul SysAdmin: rollanet.org