[Samba] Convert ssha password to sambaNTpassword?
Matt Richardson
marichar at csusb.edu
Tue Apr 22 15:34:20 GMT 2008
Scott Lovenberg wrote:
> Matt Richardson wrote:
>> Is it possible to take a SSHA password from an ldif and create a
>> proper sambaNTpassword from it? Here's the scenario: the ldap
>> servers in our organization do not have the samba schema installed and
>> the likelihood of that happening is slim. I still want to provide
>> clients with as close to a single sign on solution as possible and I
>> can get an ldif of the accounts I need. However, the password field
>> is SSHA and I will still need to generate sambaLMpassword and
>> sambaNTpasswd fields (along with the rest, but that part is a wrapper
>> script around smbldap-utils away.) There is a remote possibility of
>> getting these hashes generated by an Identity Management Server, which
>> would make the problem go away. The IDM solution is remote, as the
>> admin for it is already overworked, so parsing an ldif seems to be the
>> best solution at the moment.
>>
>> Any suggestions would be appreciated.
>>
> Are PAM modules a viable route and/or one that you'd consider? I have
> no idea how it would work, but it seems to me that it's a good loosely
> coupled interface from both sides of the problem. To be honest, I run
> Slackware and PAM isn't included as Patric V. strong believes PAM is a
> security risk, so I can't comment on how easy an implementation might be
> as I've only toyed with it on a few occasions. I know, however, that
> Samba uses PAM for syncing the passwd/shadow files, so there must be
> some sort of interfacing capabilities native to Samba.
I would totally go with PAM, but have not heard of one to deal with this
issue. It's a good idea, so off to google I go.
--
Matt Richardson
IT Consultant
College of Arts and Letters
CSU San Bernardino
work: (909)537-7598
fax: (909)537-5926
More information about the samba
mailing list