Samba vs PAM (authentication against NDS)

Marek Les marek at ryston.cz
Mon Mar 20 12:36:34 GMT 2000


> Depends on your setup.  Basically, those passwords have to go over the
> network somehow. 

For sure.

> Either in plaintext or as a LanManager hash, which
> itself is protected via a challenge-response mechanism.  In the former
> case, the plaintext passwords can then be hashed any way you need to,
> for checking against NDS.  In the latter case, you do *not* have
> plaintext at the Samba end, so the only way to check against the NDS is
> if the NDS stores passwords in that same LanManager hash format.

Hmm.. I am not sure about this, maybe you can explain it to me.. if I 
have a Novell Client installed in Windows 95 (with password 
encrypting enabled) and I log in to the Novell Server through NDS I 
don't send any LanManager hashed password, do I? I don't know 
exactly what type of encryption NDS uses (I'd say some one-way 
stream?) but I'd say that Samba shouldn't play a role here because it 
should just hand it over to the PAM module..

> Anyway, the short answer is no, you can't do what you want, not without
> patching Samba.  Patch it so that instead of consulting smbpasswd it
> consults your NDS server. 

Well I managed to get NDS authentication working _locally_ .. That 
means I can log in via smbclient from the same computer using the 
password in NDS. However I fail to do even 'net view \\server' from 
Windows, I'm getting Error 86 : Wrong password.. note that I'm not 
sure if I didn't break something during the several 
(mis)configurations :-) .. However, the other (non NDS) Samba server 
works fine with this Windows client .. also note that I can see the 
experimental server when I do "net view" ..

> And, if your NDS server doesn't store
> passwords in the peculiar Windows LanManager form, you are truly out of
> luck.  And let's not even go into the issue of *changing* passwords....

I don't get the point right now.. well, the goal of all this is to 
have all the accounts handled _globally_ , easily and comfortably from 
the Novell NDS, which has a really very nice way of handling such 
things. What's the problem with changing the password in NDS?

     Marek "MaX" Leš
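
An added illustration of the distinction debated in this thread (not part of the original message, and not Samba, PAM or NDS code): with a plaintext login the server can re-hash the password into whatever format a backend directory stores, while with challenge-response it can only verify against a store holding the same hash the client used. SHA-256, HMAC-SHA256 and PBKDF2 are assumed stand-ins for the LanManager hash, its DES-based response and the directory's own format; all names and values are constructed.

```python
import hashlib
import hmac
import os

# Assumed stand-ins: SHA-256 plays the LanManager hash, HMAC-SHA256 plays the
# challenge response, PBKDF2 plays the directory's own (different) hash format.

def lm_style_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode()).digest()

def directory_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def client_response(password: str, challenge: bytes) -> bytes:
    # The client keys the response with its password hash; the password
    # itself never crosses the network.
    return hmac.new(lm_style_hash(password), challenge, hashlib.sha256).digest()

def verify_plaintext(password: str, salt: bytes, stored: bytes) -> bool:
    # Plaintext login: the server can re-hash into whatever the backend stores.
    return hmac.compare_digest(directory_hash(password, salt), stored)

def verify_response(response: bytes, challenge: bytes, stored_key: bytes) -> bool:
    # Challenge-response login: the server must hold the same hash the client
    # used as key; it has no plaintext to pass on to another checker.
    expected = hmac.new(stored_key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password, salt = "constructed-sample-pw", b"constructed-salt"
    directory_record = directory_hash(password, salt)   # what the directory holds
    lm_record = lm_style_hash(password)                 # what smbpasswd would hold
    challenge = os.urandom(8)
    response = client_response(password, challenge)
    return {
        "plaintext_vs_directory": verify_plaintext(password, salt, directory_record),
        "response_vs_lm_store": verify_response(response, challenge, lm_record),
        "response_vs_directory": verify_response(response, challenge, directory_record),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```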
     

