[Samba] Can winbind change passwords in AD

Andrew Bartlett abartlet at samba.org
Tue Sep 27 04:14:45 GMT 2005

On Sat, 2005-09-24 at 11:16 +0200, Ivan Ruskov wrote:
> Hi,
> I have a question concerning Winbind. When I use winbind as a pam module to
> authenticate unix users against an AD Domain Controller can this pam module
> be also used to change users' passwords in AD? In other words can the users
> change their AD passwords through the winbind pam module?


> I'm looking for a way to synchronize users and groups between a Windows
> Active Directory domain controller and Linux domain member servers with
> Samba 3. The other way around is to synchronize OpenLDAP and AD through a
> custom script and use pam_ldap to authenticate linux users agains OpenLDAP
> but I'm not quite sure if OpenLDAP supports NTLM hashes.

I'm not really sure what you mean here.  OpenLDAP can be made to direct
basic binds against NTLM hashes, by a couple of different tricks.  See
the smbk5pwd module in particular, and the Heimdal/samba intergration.
You can get the NT password hashes from AD with 'net rpc samdump'.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20050927/6cdf553b/attachment.bin

More information about the samba mailing list