[Samba] Can winbind change passwords in AD
Andrew Bartlett
abartlet at samba.org
Tue Sep 27 04:14:45 GMT 2005
On Sat, 2005-09-24 at 11:16 +0200, Ivan Ruskov wrote:
> Hi,
>
> I have a question concerning Winbind. When I use winbind as a pam module to
> authenticate unix users against an AD Domain Controller can this pam module
> be also used to change users' passwords in AD? In other words can the users
> change their AD passwords through the winbind pam module?
Yes.
> I'm looking for a way to synchronize users and groups between a Windows
> Active Directory domain controller and Linux domain member servers with
> Samba 3. The other way around is to synchronize OpenLDAP and AD through a
> custom script and use pam_ldap to authenticate linux users agains OpenLDAP
> but I'm not quite sure if OpenLDAP supports NTLM hashes.
I'm not really sure what you mean here. OpenLDAP can be made to direct
basic binds against NTLM hashes, by a couple of different tricks. See
the smbk5pwd module in particular, and the Heimdal/samba intergration.
You can get the NT password hashes from AD with 'net rpc samdump'.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc. http://suse.de
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050927/6cdf553b/attachment.bin
More information about the samba
mailing list