Transitioning to PDC mode
herb at chomps.engr.sgi.com
Wed Nov 1 15:11:05 GMT 2000
Gary Algier wrote:
> Now, here's the question:
> Is there a way I can transition? I would like to start collecting the
> contents of smbpasswd on "spike" for a week then copy it to "chuckie"
> and then "turn on" PDC control. I don't really want to have to
> ask everyone to write down their passwords and then type them all
> in. If I create an smbpasswd file on spike will it just start collecting?
> If I ask everyone to change their passwords will that do it?
Check out the "update encrypted" parameter in smb.conf. Here is a
quote from the man page
This boolean parameter allows a user logging on with a
plaintext password to have their encrypted (hashed) password in
the smbpasswd file to be updated automatically as they log on.
This option allows a site to migrate from plaintext password
authentication (users authenticate with plaintext password over
the wire, and are checked against a UNIX account database) to
encrypted password authentication (the SMB challenge/response
authentication mechanism) without forcing all users to re-enter
their passwords via smbpasswd at the time the change is made.
This is a convenience option to allow the change over to
encrypted passwords to be made over a longer period. Once all
users have encrypted representations of their passwords in the
smbpasswd file this parameter should be set to "off".
In order for this parameter to work correctly the "encrypt
passwords" parameter must be set to "no" when this
parameter is set to "yes".
Note that even when this parameter is set a user authenticating
to smbd must still enter a valid password in order to connect
correctly, and to update their hashed (smbpasswd) passwords.
Herb Lewis Silicon Graphics
Networking Engineer 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization Mountain View, CA 94043-1351
herb at sgi.com Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
More information about the samba