[Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT

Pablo Chamorro C. pchamorro at ingeominas.gov.co
Tue Nov 7 19:15:25 GMT 2006 

> It's a openLDAP setting.
> in the ldap.conf has a 'pam_password', setting this to crypt may works for 
> you.

I did the change in /etc/ldap.conf, /etc/openldap/ldap.conf and 
/usr/local/etc/openldap/ldap.conf and restarted openldap y didn't work. 
How wonder how it works because I understand windows contact the PDC and 
the PDC is using smblda-passwd, but nothing about using pam?  Could 
somebody explain me? What else can I try?  Perhaps inserting crypt in this 
line of /etc/pam.d/system-auth in the PDC?:

password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow

sorry, I don't know much about pam.

Thank you,

Pablo

>
> On 11/7/06, Pablo Chamorro C. <pchamorro at ingeominas.gov.co> wrote:
>> Dear friends,
>> 
>> We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4.  When a
>> windows user changes his password using Ctrl-Alt-Del the password is
>> stored on ldap in SSHA format but we need to work with CRYPT because we
>> have some apps that don't support SSHA.
>> 
>> These are the lines related with authentication defined in smb.conf:
>> 
>>    encrypt passwords = yes
>>    ldap passwd sync = Yes
>> 
>>    passwd program = /usr/local/sbin/smbldap-passwd -u %u
>>    passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new 
>> password*" %n\n"
>>    passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/
>> 
>> and this is the setup in smbldap.conf:
>> 
>> # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
>> hash_encrypt="CRYPT"
>> 
>> So, I don't know why windows is changing the password in SSHA format.
>> 
>> I appreciate your help.
>> 
>> Pablo Chamorro
>> 
>> --
>> Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
>> Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>> 
>
>
>

-- 
Ext. 2188 (hasta el 18.nov.2006)

Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto

More information about the samba mailing list