On Tue, 10 Jun 2003, Martin Sapsed wrote: > Andrew Bartlett wrote: > > On Tue, 2003-06-10 at 02:13, Martin Sapsed wrote: > > > >>Hello all, > >> > >>I'm currently trying out samba-3.0alpha24 and moving to samba-3.0.0beta1 > >>since we're getting into XP and encrypted passwords etc. I was hoping to > >>set everyone (about 13,000 users) up on an LDAP (openLDAP) server with > >>just the Unix crypt passwords for now and run with > >> > >>encrypt passwords = no > >>update encrypted = yes > >> > >>for a while to populate the NT/LM password hashes before going over to > >>encrypted passwords for everyone. (Most clients are Win 9x using plain > >>text passwords against NIS at the moment.) > >> > >> From what I can see and have gathered from some searching, it looks > >>like "update encrypted" only works with an smbpasswd file. Is this the > >>case? > > > > The code routines call the passdb backend, whatever that may be. > > Testing a bit further seems to suggest that > > encrypt passwords = no > > doesn't work at all if you're using > > passdb backend = ldapsam:ldap://..., guest > > in 3.0alpha24. Is this a bug or a feature? ;-)
It's a feature. You can not have domain membership with plain text passwords. The purpose of the LDAP based SAM is to enable full NT style account data (including MS encrypted passwords) to be stored in a suitable scalable backend. If you really must use plain text passwords you can use an LDAP backend for your Unix system accounts but your "passdb backend" entry should have "guest", but accessing of the LDAP backend will need to be done at the OS level. ie: Do NOT put ldapsam in the passdb backend line in your smb.conf. PS: It is a very bad idea to use plain text passwords - it is insecure and no longer supported well by Microsoft. Use of plain text passwords will lead to operational problems and user complaints. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
