Synchonisation between NIS and encrypted SMBPASSWD

Todd Pfaff todd at edge.cis.McMaster.CA
Sat Dec 5 17:32:37 GMT 1998


my NIS master server is also my samba password server and I use the
following to sync passwords:

security = user
unix password sync = yes
passwd program = /bin/passwd -r files %u; cd /var/yp; /usr/ccs/bin/make passwd
passwd chat = *New\spassword:* "%n\n" *new\spassword:* "%n\n" *updated\spasswd* 
. *pushed\spasswd*
#passwd chat debug = true
#debug level = 100

note that this will only work on the NIS master server, but this allows you
to use the passwd '-r' option and the yp make which overcomes the problem of
needing the old password.

On Sun, 6 Dec 1998 samba at samba.org wrote:

> Date: Fri, 04 Dec 1998 18:17:21 +0100
> From: Rainer Hauck <hauck at nm.informatik.uni-muenchen.de>
> To: Samba at samba.org
> Subject: Re: Synchonisation between NIS and encrypted SMBPASSWD
> Message-ID: <36681921.820D9FAD at nm.informatik.uni-muenchen.de>
> 
> >Hello,
> >
> >does somebody have a tool to convert a /etc/passwd to a smbpasswd with
> getting
> >a valid Lan Manager and NT hash.
> >or does anybody have a trick, how I can synchronise the /etc/passwd
> with the
> >smbpasswd without changing a unix passwd twice (passwd,smbpasswd).
> >
> >Thanks,
> >
> >Martin
> 
> Martin
> 
> that's exactly what I need aswell. The problem is that NIS-passwd
> commands require the old password, even when called by root which is not
> given by smbpasswd (you can use %o in your chat script but it never gets
> transmitted).
> 
> We already tried to write shell-scripts to be called by smbpasswd which
> directly change the entry in the /etc/passwd file but stopped this due
> to security considerations.
> 
> To my opinion the only (sensible) solution to this problem is to include
> the support for the old password (%o) in smbpasswd. I know it's not done
> due to compatibility reasons but maybe it could be integrated as an
> option?
> 
> Rainer
> 
> --
>         _  _ _  _ _  _          RAINER HAUCK
>         |\/| |\ | |\/|          Institut fuer Informatik / Dept. of CS
>         |  | | \| |  |          Ludwig-Maximilians-University Munich
>      ======= TEAM =======       Oettingenstr. 67, 80538 Munich, Germany
> Munich Network Management Team  Room D01,Phone +49-89-2178-2155,Fax-2262
> Muenchner Netz-Management Team  email: hauck at informatik.uni-muenchen.de

--
Todd Pfaff                         \  Email: pfaff at mcmaster.ca
Computing and Information Services  \ Voice: (905) 525-9140 x22920
ABB 132                              \  FAX: (905) 528-3773
McMaster University                   \
Hamilton, Ontario, Canada  L8S 4M1     \



More information about the samba mailing list