[Samba] DOMAIN level security with smbpasswd???

[Michael Heironimus]

On Tue, May 06, 2003 at 09:23:48AM -0400, Jeremy Nix wrote:
> I'm a bit confused on several points of the security infrastructure of
> Samba.  First, and simplest, why (and is it necessary) do we need to
> keep a smbpasswd file when the Linux/Unix passwd file could be suffice?
> I like the idea of mapping particular users to a given UNIX account via
> the username map option, but I see no reason in specifying a separate
> password file for these same UNIX users.

Samba needs its own password file because Windows and UNIX use
fundamentally different and incompatible methods of password encryption.
You can't get from either password hash back to a clear password, so you
can't compare them. If you make the registry change that tells Windows
to use unencrypted passwords, then Samba can use the ordinary system
passwords. I don't think you can do that with domain security, though.

> Secondly, and more to the point, why (again, and is it necessary) do we
> need this smbpasswd file if we are authenticating against a domain?

You shouldn't need one. It may still exist, of course.

-- 
Michael Heironimus