Anybody else finding it increasingly difficult to quote from digests
of SLUG?
Back to the problem... I've several ideas that I vaguely recall might
help.
1) There was a utility that could extract passwords from an NT
server's password file. You first have to get hold of the password
file and put it on a linux/unix system. It was intended as a migration
tool only.
2) Samba can be set to ask the NT server if the name and password
given to it from the client are correct. Samba can also be set to
update a local copy of the password at the same time. What you do is
leave it operating in this manner for enough time to allow most users
to login thus capturing 99% of the passwords. You then switch from
'security=server' to 'security=user' and unplug the NT machine.
3) Also see man smb.conf and look for 'add user script' and similarly
'delete user script' plus 'update encrypted'. Hmm, time permitting,
just read the whole damn man page as it covers everything pretty well.
>Message: 10
>Date: Wed, 02 Aug 2000 10:17:39 +1000
>From: Peter Rundle <[EMAIL PROTECTED]>
>Organization: Alta Internet Business Centres
>To: [EMAIL PROTECTED]
>Subject: [SLUG] Samba as a PDC for windows domain
>
>Sluggers,
>
>I've been busy converting my authentication system to LDAP for all
>my Solaris and Linux boxen. Converting NT however is proving to be
>a bit of a challenge. I was just given an off the wall suggestion
>that perhaps we should use the latest version of Samba (on Linux of
>course :-) as the PDC for the windows domain. Configure Samba to
>use pam_ldap to authenticate and hey presto.
>
>Anyone been there done that, got any advice before I charge in and
>get burnt? One thing that comes to mind is encrypted passwords, the
>LDAP server keeps the password in SHA format, if Samba get's an
>encrypted password in whatever Doze format, how can it make the
>comparison? or does Samba know how to decrypt the password coming
>from the Doze box so it can generate a Unix crypt passwd for
>pam_pwdb.so authentication?
>
>Any and all thoughts gratefully accepted.
>
>Pete
---<GRiP>---
Grant Parnell [EMAIL PROTECTED] ([EMAIL PROTECTED])
Ph: 02-8701-4564 Mob: 0408-686-201 Web: http://linuxfreak.com/~gripz
No Microsoft products were used in the production of this message.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
