Re: [Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
It's a openLDAP setting. in the ldap.conf has a 'pam_password', setting this to crypt may works for you. On 11/7/06, Pablo Chamorro C. [EMAIL PROTECTED] wrote: Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ and this is the setup in smbldap.conf: # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt=CRYPT So, I don't know why windows is changing the password in SSHA format. I appreciate your help. Pablo Chamorro -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
It's a openLDAP setting. in the ldap.conf has a 'pam_password', setting this to crypt may works for you. I did the change in /etc/ldap.conf, /etc/openldap/ldap.conf and /usr/local/etc/openldap/ldap.conf and restarted openldap y didn't work. How wonder how it works because I understand windows contact the PDC and the PDC is using smblda-passwd, but nothing about using pam? Could somebody explain me? What else can I try? Perhaps inserting crypt in this line of /etc/pam.d/system-auth in the PDC?: passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow sorry, I don't know much about pam. Thank you, Pablo On 11/7/06, Pablo Chamorro C. [EMAIL PROTECTED] wrote: Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ and this is the setup in smbldap.conf: # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt=CRYPT So, I don't know why windows is changing the password in SSHA format. I appreciate your help. Pablo Chamorro -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Ext. 2188 (hasta el 18.nov.2006) Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
Using smbldap-tool you have to change the smbldap.conf and set hash_encrypt to CRYPT. On 11/7/06, Pablo Chamorro C. [EMAIL PROTECTED] wrote: It's a openLDAP setting. in the ldap.conf has a 'pam_password', setting this to crypt may works for you. I did the change in /etc/ldap.conf, /etc/openldap/ldap.conf and /usr/local/etc/openldap/ldap.conf and restarted openldap y didn't work. How wonder how it works because I understand windows contact the PDC and the PDC is using smblda-passwd, but nothing about using pam? Could somebody explain me? What else can I try? Perhaps inserting crypt in this line of /etc/pam.d/system-auth in the PDC?: passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow sorry, I don't know much about pam. Thank you, Pablo On 11/7/06, Pablo Chamorro C. [EMAIL PROTECTED] wrote: Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = Changing password for*\nNew password* %n\n *Retype new password* %n\n passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ and this is the setup in smbldap.conf: # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt=CRYPT So, I don't know why windows is changing the password in SSHA format. I appreciate your help. Pablo Chamorro -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Ext. 2188 (hasta el 18.nov.2006) Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- *** Cleber P. de Souza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
Using smbldap-tool you have to change the smbldap.conf and set hash_encrypt to CRYPT. yeah, it is like that but changing the password from windows something is happening and the password end up in SSHA format. hash_encrypt=CRYPT thanks, Pablo -- Ext. 2188 (hasta el 18.nov.2006) Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
