[Samba] password alignment with /etc/passwd

simo idra at samba.org
Wed Feb 28 19:26:25 GMT 2007


On Wed, 2007-02-28 at 20:13 +0100, Markus Franke wrote:
> Gary Dale wrote:
> > The passwords in /etc/passwd should be unrecoverable in theory (apart
> > from a brute-force attack) if you are using a reasonable encrypting
> > scheme (every distro I know defaults to a decent one) and
> > strength-checking (not usually used). And the encryption scheme is
> > different from what Windows uses, so there is no reasonable way of
> > converting them.
> 
> Hmmm....I can't believe this. Let's consider the case that you have a
> network with NFS/NIS Installation and Linux only clients and about 100
> users. Now I want to add just one...only one windows box...and it should
> be possible that the existing users can login on this box via their
> usual password and they should get their Linux home directory directly
> mounted via Samba. In this case I would have to change the passwords of
> 100 users just to enable the usage of 1 windows pc? Is there really no
> other solution except for John the Ripper? (which would probably not be
> able to resolve all the passwords)

No, you disable encrypted password = yes, and change the relevant Windows
box registry to allow plain text passwords to be exchanged between the
client and the Samba server.
This will lower the security, but there is no other way; we do not
control what Windows clients can send or how they do it.

Another solution is to change your PAM configuration so that when your
users change their password they will also update the /etc/samba/smbpasswd
file. Every user that wants to log in to that box will have to change
the password at least once. It is not a big requirement after all.

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer
email: idra at samba.org
http://samba.org
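
The second option in the reply above (keeping /etc/samba/smbpasswd in step with the Unix password through PAM), as an added configuration sketch that is not part of the original message. It assumes the pam_smbpass module shipped with Samba 3.x, that password changes and logins on the Samba server run through the PAM services named here, and the file paths shown, which are common defaults rather than values from this thread.

```conf
# /etc/samba/smb.conf  (assumed location)
[global]
    # Keep challenge/response authentication enabled. In smb.conf the
    # parameter is spelled "encrypt passwords"; setting it to "no" is the
    # plaintext option from the message and puts passwords on the wire
    # in the clear.
    encrypt passwords = yes
    passdb backend = smbpasswd
    smb passwd file = /etc/samba/smbpasswd

# /etc/pam.d/passwd  (assumed service file; distributions differ)
# pam_unix stores the new Unix hash first. pam_smbpass then reuses the
# same new password (use_authtok) to write the LM/NT hashes to smbpasswd,
# so each user gets an SMB entry the first time they change password.
# nullok: null SMB passwords are accepted for the existing entry.
password   requisite   pam_unix.so shadow sha512
password   required    pam_smbpass.so nullok use_authtok try_first_pass

# /etc/pam.d/sshd or /etc/pam.d/login  (assumed; optional variant)
# "migrate" is only valid in the auth stack: after pam_unix has accepted
# the password, pam_smbpass stores its SMB hashes, so a normal login on
# the server is enough and no password change is required.
auth       requisite   pam_unix.so
auth       optional    pam_smbpass.so migrate
```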


