[Samba] NT username/password export

Chris McKeever cgmckeever at prupref.com
Thu Nov 21 17:30:01 GMT 2002


This is what I have tried with thier respective outcomes:

1.  no local or samba accounts - strictly use winbind to authenticate off NT
PDC
	AUTHENTICATION SUCCESS
2.  export NT passwords using pwdump move that to the linux box changing
permissions and group to 600 and root, create local users using useradd -u
RID
	AUTHENTICATION SUCCESS
3.  changed one username in the pwdump to a user that is not on the PDC,
created the respective local account (this was to verify I still wasnt
authenticating off the NT PDC)
	AUTHENTICATION SUCCESS
4.  removed that local user
	AUTHENTICATION FAILURE

	Doing number 4 is what brought me to my last email.  It would make
sense that the smbpasswd file has a username/password and one can just
authenticate off that file..but it doesnt seem to want to behave like that
out of the box...

	The reason I am trying this is that I would like to migrate over to
strictly Linux backend and am trying to find the most efficient way to
create user password files

Any other suggestions would be appreciated

Chris


-----Original Message-----
From: Ronan Waide [mailto:waider at waider.ie]
Sent: Thursday, November 21, 2002 11:20 AM
To: Chris McKeever
Cc: 'samba at lists.samba.org'
Subject: RE: [Samba] NT username/password export


On November 21, cgmckeever at prupref.com said:
> Thanks for those utiltiies...I knew i saw them somewhere...I was
successful
> in creating a smbpasswd file using the pwdump utility..
> 
> Now here is my question (maybe someone know a work around):
> 
> If a username/password pair exists in the smbpasswd file...is there a way
> that the corresponding username/UID pair does not need to exist in the
> passwd file?  I guess what I am hoping for is a way samba can just
> autheticate off of the smbpasswd file so I dont have to script out a
useradd
> based on that pwdump file.

Right now, as I understand it, you must have a unix account to
correspond to the SMB account. I thought that winbindd might alleviate
this in the particular situation I'm dealing with, but it doesn't
appear to be the case. Perhaps manually building your smbpasswd
obviates the requirement for such accounts.

So.

I'd suggest you try joining to your domain, then fire up winbindd, and
see what happens.

And, of course, report back :)

Cheers,
Waider.
-- 
waider at waider.ie / Yes, it /is/ very personal of me.

Veep says, "you could scream MY PANTS ARE FULL OF EELS with a big smile or
            a big grimace on your face. good stuff"



More information about the samba mailing list