NT Domain logon

Nathan Neulinger nneul at umr.edu
Fri Oct 31 00:15:37 GMT 1997

On Thu, Oct 30, 1997 at 11:31:35PM +0000, Luke Kenneth Casson Leighton wrote:
> On Fri, 31 Oct 1997, Nathan Neulinger wrote:
> > First, a couple of questions - are encrypted passwords absolutely necessary?
> the only way is to find out if the SAM database can support clear-text 
> passwords or not.  we're mirroring SAM databases, which are based on 
> encrypted passwords.
> effectively what we are implementing is NT's "Local Security Authority"
> SAM Service - LSASS.EXE.

So basically what you're saying is that smbd never receives a cleartext 
version of the password, or never has enough data in its possession to 
calculate the cleartext? 

Is the cleartext password support in NT limited to the mounting of 
shares? (i.e. Does the domain controller interface not support cleartext 
at all?)

Most unfortunate.

> if you can get hold of an alternative login system, for example Novell's 
> Local Security Authority, and ask them to provide full documentation on 
> their over-the-wire protocol, then we will implement this.

The problem is, I thought this didn't log you into NT unless your NT 
password was the same.

We were hoping to do all this without replacing the GINA module. We've 
got the source and such for a couple example GINA modules that we'd be 
able to use if we had to.

If we have to replace the GINA module, we'll just authenticate directly 
to AFS and not bother with SAMBA at all (sorry :), since at that point 
we'd have direct AFS access on the station. Or, if we wanted to go 
the cheap route, just authenticate to any central auth server.

The big thing we're trying to gain is:
	1. 1 step logon
	2. Centralized SINGLE password database
	3. All users everywhere (not having to define a local NT userid for
every user we want to allow to log in.)

-- Nathan

