[Samba] passwords - windows - clear or hashed over wire?

Terry Davis tdavis at birddog.com
Mon Feb 4 16:56:09 GMT 2002


I am testing some things and coming up with weird results.
Here is the scoop:

I have samba set to:
unix password sync = yes
pam password change = yes

I am trying to test what is going on when I change a user's password 
from a windows box using the windows password utility.  Here is what 

If I have /etc/pam.d/samba set to:
auth       required     pam_nologin.so
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

samba changes the smbpasswd file to update the changes I made in windows 
to the password.  It stores the passwords hashed as expected.

If I set /etc/pam.d/samba to:
auth       required     pam_ldap.so
account    required     pam_ldap.so
session    required     pam_ldap.so
password   required     pam_ldap.so

then samba changes the password in the ldap server.   This is great!! 
One problem, it changes the password in ldap to be clear!   How does it 
do this?  I didn't think windows sent the password accross the wire in 
the clear.

Any smart people wanna figure this one out?
Thank you!

Terry Davis
Systems Administrator
BirdDog Solutions, Inc.
(402) 829-6059

More information about the samba mailing list