Transitioning to PDC mode

Herb Lewis herb at
Wed Nov 1 15:11:05 GMT 2000

Gary Algier wrote:
> Now, here's the question:
> Is there a way I can transition?  I would like to start collecting the
> contents of smbpasswd on "spike" for a week then copy it to "chuckie"
> and then "turn on" PDC control.  I don't really want to have to
> ask everyone to write down their passwords and then type them all
> in.  If I create an smbpasswd file on spike will it just start collecting?
> If I ask everyone to change their passwords will that do it?

Check out the "update encrypted" parameter in smb.conf. Here is a
quote from the man page

    This boolean parameter allows a user logging on with a
    plaintext password to have their encrypted (hashed) password in
    the smbpasswd file to be updated automatically as they log on.
    This option allows a site to migrate from plaintext password
    authentication (users authenticate with plaintext password over
    the wire, and are checked against a UNIX account database) to
    encrypted password authentication (the SMB challenge/response
    authentication mechanism) without forcing all users to re-enter
    their passwords via smbpasswd at the time the change is made.
    This is a convenience option to allow the change over to
    encrypted passwords to be made over a longer period. Once all
    users have encrypted representations of their passwords in the
    smbpasswd file this parameter should be set to "off". 

    In order for this parameter to work correctly the "encrypt
    passwords" parameter must be set to "no" when this
    parameter is set to "yes". 

    Note that even when this parameter is set a user authenticating
    to smbd must still enter a valid password in order to connect
    correctly, and to update their hashed (smbpasswd) passwords. 

Herb Lewis                               Silicon Graphics 
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb at                             Tel: 650-933-2177                       Fax: 650-932-2177          

More information about the samba mailing list