Chew, Darren
2003-Nov-18 05:29 UTC
[Samba] pamsmb_pass, userPassword & samba(LM/NT)Password
Hi All,

Has anyone used pam_smbpass before with Samba 3 and Solaris 9?

The problem I am facing is that the sambaNTPassword/sambaLMPassword and the posixAccount userPassword attributes are not the same.

While I can use "net rpc vampire" to migrate the lanman password hashes the posixAccount attribute remains unpopulated.

I have discovered that the smbldap tools has scripts to synchronise the passwords but this requires the password to be changed. I have just come across pam_smbpass and it looks like it may be the key.

Can anyone shed some light on the following lines from the INSTALL file of pam_smbpass?

    auth optional pam_smbpass.so migrate
    password required pam_smbpass.so nullok use_authtok try_first_pass

Does pam_smbpass require pam_smb?

Any help much appreciated.

Darren
Andrew Bartlett
2003-Nov-18 09:54 UTC
[Samba] pamsmb_pass, userPassword & samba(LM/NT)Password
On Tue, 2003-11-18 at 16:29, Chew, Darren wrote:
> Hi All,
>
> Has anyone used pam_smbpass before with Samba 3 and Solaris 9?
>
> The problem I am facing is that the sambaNTPassword/sambaLMPassword and
> the posixAccount userPassword attributes are not the same.

One of the better options would be to make your LDAP server authenticate against the sambaNTPassword instead.

If your server is OpenLDAP, you could use a nasty sequence of OpenLDAP -> SASL (plain) -> PAM -> pam_winbind -> winbind -> smbd -> LDAP to authenticate your users...

Someday, I'll test out if I can actually make this work, and document it, but at least in theory, you should never need the userPassword if the NT password is present, for plaintext at least.

Andrew Bartlett

--
Andrew Bartlett abartlet@pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet@samba.org
Student Network Administrator, Hawker College abartlet@hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net