[Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT

Cleber P. de Souza cleberps at gmail.com
Tue Nov 7 20:08:34 GMT 2006


Using smbldap-tool you have to change the smbldap.conf and set
hash_encrypt to CRYPT.

On 11/7/06, Pablo Chamorro C. <pchamorro at ingeominas.gov.co> wrote:
> > It's a openLDAP setting.
> > in the ldap.conf has a 'pam_password', setting this to crypt may works for
> > you.
>
> I did the change in /etc/ldap.conf, /etc/openldap/ldap.conf and
> /usr/local/etc/openldap/ldap.conf and restarted openldap y didn't work.
> How wonder how it works because I understand windows contact the PDC and
> the PDC is using smblda-passwd, but nothing about using pam?  Could
> somebody explain me? What else can I try?  Perhaps inserting crypt in this
> line of /etc/pam.d/system-auth in the PDC?:
>
> password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
>
> sorry, I don't know much about pam.
>
> Thank you,
>
> Pablo
>
> >
> > On 11/7/06, Pablo Chamorro C. <pchamorro at ingeominas.gov.co> wrote:
> >> Dear friends,
> >>
> >> We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4.  When a
> >> windows user changes his password using Ctrl-Alt-Del the password is
> >> stored on ldap in SSHA format but we need to work with CRYPT because we
> >> have some apps that don't support SSHA.
> >>
> >> These are the lines related with authentication defined in smb.conf:
> >>
> >>    encrypt passwords = yes
> >>    ldap passwd sync = Yes
> >>
> >>    passwd program = /usr/local/sbin/smbldap-passwd -u %u
> >>    passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new
> >> password*" %n\n"
> >>    passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/
> >>
> >> and this is the setup in smbldap.conf:
> >>
> >> # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
> >> hash_encrypt="CRYPT"
> >>
> >> So, I don't know why windows is changing the password in SSHA format.
> >>
> >> I appreciate your help.
> >>
> >> Pablo Chamorro
> >>
> >> --
> >> Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
> >> Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions:  https://lists.samba.org/mailman/listinfo/samba
> >>
> >
> >
> >
>
> --
> Ext. 2188 (hasta el 18.nov.2006)
>
> Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514
> Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
***
Cleber P. de Souza


More information about the samba mailing list