[Samba] Convert ssha password to sambaNTpassword?

Matt Richardson marichar at csusb.edu
Tue Apr 22 15:34:20 GMT 2008


Scott Lovenberg wrote:
> Matt Richardson wrote:
>> Is it possible to take a SSHA password from an ldif and create a 
>> proper sambaNTpassword from it?  Here's the scenario:  the ldap 
>> servers in our organization do not have the samba schema installed and 
>> the likelihood of that happening is slim.  I still want to provide 
>> clients with as close to a single sign on solution as possible and I 
>> can get an ldif of the accounts I need.  However, the password field 
>> is SSHA and I will still need to generate sambaLMpassword and 
>> sambaNTpasswd fields (along with the rest, but that part is a wrapper 
>> script around smbldap-utils away.)  There is a remote possibility of 
>> getting these hashes generated by an Identity Management Server, which 
>> would make the problem go away.     The IDM solution is remote, as the 
>> admin for it is already overworked, so parsing an ldif seems to be the 
>> best solution at the moment.
>>
>> Any suggestions would be appreciated.
>>
> Are PAM modules a viable route and/or one that you'd consider?  I have 
> no idea how it would work, but it seems to me that it's a good loosely 
> coupled interface from both sides of the problem.  To be honest, I run 
> Slackware and PAM isn't included as Patric V. strong believes PAM is a 
> security risk, so I can't comment on how easy an implementation might be 
> as I've only toyed with it on a few occasions.  I know, however, that 
> Samba uses PAM for syncing the passwd/shadow files, so there must be 
> some sort of interfacing capabilities native to Samba.

I would totally go with PAM, but have not heard of one to deal with this 
issue.  It's a good idea, so off to google I go.

-- 
Matt Richardson
IT Consultant
College of Arts and Letters
CSU San Bernardino
work: (909)537-7598
fax: (909)537-5926



More information about the samba mailing list