Re: [Samba] Convert ssha password to sambaNTpassword?
Matt Richardson wrote: Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening is slim. I still want to provide clients with as close to a single sign on solution as possible and I can get an ldif of the accounts I need. However, the password field is SSHA and I will still need to generate sambaLMpassword and sambaNTpasswd fields (along with the rest, but that part is a wrapper script around smbldap-utils away.) There is a remote possibility of getting these hashes generated by an Identity Management Server, which would make the problem go away. The IDM solution is remote, as the admin for it is already overworked, so parsing an ldif seems to be the best solution at the moment. Any suggestions would be appreciated. Are PAM modules a viable route and/or one that you'd consider? I have no idea how it would work, but it seems to me that it's a good loosely coupled interface from both sides of the problem. To be honest, I run Slackware and PAM isn't included as Patric V. strong believes PAM is a security risk, so I can't comment on how easy an implementation might be as I've only toyed with it on a few occasions. I know, however, that Samba uses PAM for syncing the passwd/shadow files, so there must be some sort of interfacing capabilities native to Samba. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Convert ssha password to sambaNTpassword?
Scott Lovenberg wrote: Matt Richardson wrote: Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening is slim. I still want to provide clients with as close to a single sign on solution as possible and I can get an ldif of the accounts I need. However, the password field is SSHA and I will still need to generate sambaLMpassword and sambaNTpasswd fields (along with the rest, but that part is a wrapper script around smbldap-utils away.) There is a remote possibility of getting these hashes generated by an Identity Management Server, which would make the problem go away. The IDM solution is remote, as the admin for it is already overworked, so parsing an ldif seems to be the best solution at the moment. Any suggestions would be appreciated. Are PAM modules a viable route and/or one that you'd consider? I have no idea how it would work, but it seems to me that it's a good loosely coupled interface from both sides of the problem. To be honest, I run Slackware and PAM isn't included as Patric V. strong believes PAM is a security risk, so I can't comment on how easy an implementation might be as I've only toyed with it on a few occasions. I know, however, that Samba uses PAM for syncing the passwd/shadow files, so there must be some sort of interfacing capabilities native to Samba. I would totally go with PAM, but have not heard of one to deal with this issue. It's a good idea, so off to google I go. -- Matt Richardson IT Consultant College of Arts and Letters CSU San Bernardino work: (909)537-7598 fax: (909)537-5926 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Convert ssha password to sambaNTpassword?
Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening is slim. I still want to provide clients with as close to a single sign on solution as possible and I can get an ldif of the accounts I need. However, the password field is SSHA and I will still need to generate sambaLMpassword and sambaNTpasswd fields (along with the rest, but that part is a wrapper script around smbldap-utils away.) There is a remote possibility of getting these hashes generated by an Identity Management Server, which would make the problem go away. The IDM solution is remote, as the admin for it is already overworked, so parsing an ldif seems to be the best solution at the moment. Any suggestions would be appreciated. -- Matt Richardson IT Consultant College of Arts and Letters CSU San Bernardino work: (909)537-7598 fax: (909)537-5926 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
