Pablo Chamorro C.
2006-Nov-07 16:52 UTC
[Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
Dear friends, We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a windows user changes his password using Ctrl-Alt-Del the password is stored on ldap in SSHA format but we need to work with CRYPT because we have some apps that don't support SSHA. These are the lines related with authentication defined in smb.conf: encrypt passwords = yes ldap passwd sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ and this is the setup in smbldap.conf: # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) hash_encrypt="CRYPT" So, I don't know why windows is changing the password in SSHA format. I appreciate your help. Pablo Chamorro -- Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto
Cleber P. de Souza
2006-Nov-07 17:05 UTC
[Samba] smb + ldap: changing passwords from windows: SSHA instead of CRYPT
It's a openLDAP setting. in the ldap.conf has a 'pam_password', setting this to crypt may works for you. On 11/7/06, Pablo Chamorro C. <pchamorro@ingeominas.gov.co> wrote:> Dear friends, > > We have samba-3.0.21c-1 under RH9 + openldap 2.3.11 under FC4. When a > windows user changes his password using Ctrl-Alt-Del the password is > stored on ldap in SSHA format but we need to work with CRYPT because we > have some apps that don't support SSHA. > > These are the lines related with authentication defined in smb.conf: > > encrypt passwords = yes > ldap passwd sync = Yes > > passwd program = /usr/local/sbin/smbldap-passwd -u %u > passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" > passdb backend = ldapsam:ldap://ldapserver.ingeominas.gov.co/ > > and this is the setup in smbldap.conf: > > # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) > hash_encrypt="CRYPT" > > So, I don't know why windows is changing the password in SSHA format. > > I appreciate your help. > > Pablo Chamorro > > -- > Tel: +57 (2) 7314752/3222/2595 - Fax: +57 (2) 7310514 > Carrera 31 #18-07 Parque Infantil - PO Box 1795 - Pasto > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba >-- *** Cleber P. de Souza