Re: [Samba] Win2K Password Hash

2003-11-12 Thread Andrew Bartlett
On Thu, 2003-11-13 at 01:35, Robert Rati wrote:
> The account I'm testing with has the posixAccount attributes set up.  I 
> was able to get this to work on my test system running Red Hat 9.0 using 
> authconfig, but the final server will be running Debian.  Since Debian 
> doesn't have authconfig, do you know which config files authconfig 
> touches so I can replicate the changes on the Debian server?

/etc/nsswitch.conf  needs 'ldap' set in it, and /etc/ldap.conf and
/etc/ldap/ldap.conf should be configured.  

The Debian configuration for nss_ldap will do this for you, on
installation/reconfiguration.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
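
A pre-flight check for the three conditions the replies in this thread name (ldap listed in nsswitch.conf, posixAccount attributes on the user's entry, and the name resolving the way getpwnam looks it up), as an added example that is not part of the original messages. The sample files, the user jdoe and the function names are constructed for illustration; the attribute list is the RFC 2307 posixAccount MUST set.

```shell
#!/bin/sh

# Return 0 if database $2 (e.g. passwd) in nsswitch file $1 lists "ldap".
nss_uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }   # strip comments so "# ldap" does not count
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Print what LDIF entry $1 lacks to be a posixAccount (RFC 2307 MUST attributes).
missing_posix_attrs() {
    grep -qi '^objectClass: *posixAccount *$' "$1" || echo 'objectClass=posixAccount'
    for attr in cn uid uidNumber gidNumber homeDirectory; do
        grep -qi "^${attr}:" "$1" || echo "$attr"
    done
}

# Return 0 if the name resolves through NSS, the lookup getpwnam() performs.
user_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# Constructed sample inputs (not taken from the thread).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/nsswitch.conf" <<'EOF'
passwd: files ldap
group:  files ldap
shadow: files          # ldap not enabled here
EOF
cat > "$demo_dir/user.ldif" <<'EOF'
dn: uid=jdoe,ou=People,dc=example,dc=org
objectClass: account
objectClass: sambaSamAccount
uid: jdoe
sambaSID: S-1-5-21-0-0-0-3000
EOF

for db in passwd group shadow; do
    if nss_uses_ldap "$demo_dir/nsswitch.conf" "$db"; then
        echo "$db: ldap listed"
    else
        echo "$db: ldap NOT listed"
    fi
done
echo "jdoe entry is missing: $(missing_posix_attrs "$demo_dir/user.ldif" | tr '\n' ' ')"
user_resolves jdoe || echo "jdoe does not resolve via NSS; getpwnam would fail"
```

On a live server, point the first function at /etc/nsswitch.conf and feed the second an LDIF export of the user's entry.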

Re: [Samba] Win2K Password Hash

2003-11-11 Thread Robert Rati
I have installed nss_ldap and changed my nsswitch.conf file to be like 
the example given with the nss_ldap package, so I thought that would 
satisfy the samba requirement.  Is there other system configuration that 
needs to be done (other than changing nsswitch.conf) to satisfy this 
samba requirement?  All the information I've found regarding setting up 
LDAP in this regard has been sketchy at best.  I would think I'd have to 
configure a base dn at least, but I haven't found out how to do this.

Rob

Andrew Bartlett wrote:
> On Tue, 2003-11-11 at 06:50, Robert Rati wrote:
>
>> I have a Samba 3.0 PDC using LDAP as its password database backend, but 
>> I can't get a user to log on to a Win2k machine on the domain.  In the 
>> log file for the PC (on the Samba machine), I see that the user is found 
>> in the LDAP backend but that getpwnam failed.  The username does not 
>> exist on the Linux machine in any form.  
>
> Samba *requires* that the username exist on the server, via nsswitch, as
> a normal user.  You cannot have users in Samba which are not in
> /etc/passwd or its nsswitch'ed equivalent (nss_ldap etc).
>
> Andrew Bartlett



Re: [Samba] Win2K Password Hash

2003-11-11 Thread Andrew Bartlett
On Wed, 2003-11-12 at 02:12, Robert Rati wrote:
> I have installed nss_ldap and changed my nsswitch.conf file to be like 
> the example given with the nss_ldap package, so I thought that would 
> satisfy the samba requirement.  Is there other system configuration that 
> needs to be done (other than changing nsswitch.conf) to satisfy this 
> samba requirement?  All the information I've found regarding setting up 
> LDAP in this regard has been sketchy at best.  I would think I'd have to 
> configure a base dn at least, but I haven't found out how to do this.

Now you just need the posixAccount attributes for all the users.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net



[Samba] Win2k Password Hash

2003-11-10 Thread Robert Rati
I posted this earlier, but never saw it show up in the mailing list so 
I'm posting it again.

I have a Samba 3.0 PDC using LDAP as its password database backend, but 
I can't get a user to log on to a Win2k machine on the domain.  In the 
log file for the PC (on the Samba machine), I see that the user is found 
in the LDAP backend but that getpwnam failed.  The username does not 
exist on the Linux machine in any form.  These usernames are meant to be 
for Windows only (at this time anyway).  I set log level at 5 and tried 
again and I see that the Lanman and NT password checks fail.  I used the 
mkntpwd that comes with samba 3.0 to create the passwords I put in the 
LDAP database, but obviously I've done something wrong.  Is the mkntpwd 
program supposed to be for NT4.0 machines?  Does Win2k use a different 
password algorithm?  The entries in the LDAP database for a user have 
these fields:

sambaLMPassword: 1st hash from mkntpwd
sambaNTPassword: 2nd hash from mkntpwd
Should I have something preceding the passwords in the LDAP database 
(like {SSHA})?  Any help on this would be much appreciated.

Rob



[Samba] Win2K Password Hash

2003-11-10 Thread Robert Rati
I have a Samba 3.0 PDC using LDAP as its password database backend, but 
I can't get a user to log on to a Win2k machine on the domain.  In the 
log file for the PC (on the Samba machine), I see that the user is found 
in the LDAP backend but that getpwnam failed.  The username does not 
exist on the Linux machine in any form.  These usernames are meant to be 
for Windows only (at this time anyway).  I set log level at 5 and tried 
again and I see that the Lanman and NT password checks fail.  I used the 
mkntpwd that comes with samba 3.0 to create the passwords I put in the 
LDAP database, but obviously I've done something wrong.  Is the mkntpwd 
program supposed to be for NT4.0 machines?  Does Win2k use a different 
password algorithm?  The entries in the LDAP database for a user have 
these fields:

sambaLMPassword: 1st hash from mkntpwd
sambaNTPassword: 2nd hash from mkntpwd
Should I have something preceding the passwords in the LDAP database 
(like {SSHA})?  Any help on this would be much appreciated.

Rob



Re: [Samba] Win2K Password Hash

2003-11-10 Thread Andrew Bartlett
On Tue, 2003-11-11 at 06:50, Robert Rati wrote:
> I have a Samba 3.0 PDC using LDAP as its password database backend, but 
> I can't get a user to log on to a Win2k machine on the domain.  In the 
> log file for the PC (on the Samba machine), I see that the user is found 
> in the LDAP backend but that getpwnam failed.  The username does not 
> exist on the Linux machine in any form.  

Samba *requires* that the username exist on the server, via nsswitch, as
a normal user.  You cannot have users in Samba which are not in
/etc/passwd or its nsswitch'ed equivalent (nss_ldap etc).

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

