Matt Richardson wrote:
Is it possible to take a SSHA password from an ldif and create a
proper sambaNTpassword from it? Here's the scenario: the ldap
servers in our organization do not have the samba schema installed and
the likelihood of that happening is slim. I still want to provide
clients with as close to a single sign on solution as possible and I
can get an ldif of the accounts I need. However, the password field
is SSHA and I will still need to generate sambaLMpassword and
sambaNTpasswd fields (along with the rest, but that part is a wrapper
script around smbldap-utils away.) There is a remote possibility of
getting these hashes generated by an Identity Management Server, which
would make the problem go away. The IDM solution is remote, as the
admin for it is already overworked, so parsing an ldif seems to be the
best solution at the moment.
Any suggestions would be appreciated.
Are PAM modules a viable route and/or one that you'd consider? I have
no idea how it would work, but it seems to me that it's a good loosely
coupled interface from both sides of the problem. To be honest, I run
Slackware and PAM isn't included as Patric V. strong believes PAM is a
security risk, so I can't comment on how easy an implementation might be
as I've only toyed with it on a few occasions. I know, however, that
Samba uses PAM for syncing the passwd/shadow files, so there must be
some sort of interfacing capabilities native to Samba.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
