[Samba] Fw: Convert Unix users to Samba users

Nico Kadel-Garcia nkadel at gmail.com
Thu Dec 29 18:20:51 MST 2011


On Thu, Dec 29, 2011 at 12:28 PM, Ryan Novosielski <novosirj at umdnj.edu> wrote:
> We used the pam_smbpasswd module, which does not work for either TDBSAM
> or LDAPSAM I don't think. It's OK if you want to maintain an smbpasswd
> file, but I think you really don't for more than X number of users and
> I'm not sure how well it works with Active Directory (this was back
> before AD was big that we were using Samba).
>
> The way that that worked was to take advantage of other password
> manipulation people had done (e.g. authenticate successfully using
> anything) and at that time the PAM module would get the unencrypted
> password and write it using the proper hash for the new Samba auth
> method. That is a pretty slick idea and if it does not exist for LDAP or
> TDBSAM, I do wonder why not.

Handling unencrypted passwords on a server is always nasty. Even if
you trust the people you work with, it's an excellent target for any
cracker who gets into your systems to steal admin passwords.

This sort of poor security hack is way, way, way too common.

