Tim-Ole Alexander Golz
2010-May-19 11:23 UTC
[Samba] PHPLDAPAAdmin: SMB-Password not hashed
Hi, all there, first of all I like to introduce me cause this is my first post on this list: I am a networkadmin from Germany, struggling with Apple, Linux and Windows for a couple of years now ... I have occassionally worked with samba as a domain controller for three or four years now, but with systems windows 2000 / windows 2003 server / windows XP clients. I have successfully installed some samba-servers working as PDC, even with LDAP as smbpasswd-Backend. my question is a bit off-topic, but I found no useful help on the web: on our current project, I have installed a samba PDC with LDAP on Debian Lenny 5.0.4. there seems to be a bug in phldapadmin (the one shipping with Debian Lenny), because the smb-password is not longer hashed. when setting a new domainuser via phpldapadmin with the "Samba 3 account"-scheme, I can not log in to the domain. I have to do a "smbpasswd user" to get it work. when I use "smbldap-useradd user && smbldap-passwd user" everything is working fine. I tried this on three different installations (with Debian Lenny 5.0.3 through 5.0.4), always the same problem. I have installed the mkntpwd-Tool (as in former installations), but it is not longer needed and I cant even choose it in the phpldapadmin/config-File because there is no longer such a file ... :-( I have installed all the perl-crypt-modules, tried it with different settings in the smb.conf: unix password sync = yes ldap password sync = yes but nothing helped. anyone else who has the same problem? any hints or maybe the solution? thany a lot in advance! tim-ole golz
Tim-Ole Alexander Golz schrieb:> Hi, all there, > > > first of all I like to introduce me cause this is my first post on this list: I am a networkadmin from Germany, struggling with Apple, Linux and Windows for a couple of years now ... > > I have occassionally worked with samba as a domain controller for three or four years now, but with systems windows 2000 / windows 2003 server / windows XP clients. > > I have successfully installed some samba-servers working as PDC, even with LDAP as smbpasswd-Backend. > > my question is a bit off-topic, but I found no useful help on the web: > > on our current project, I have installed a samba PDC with LDAP on Debian Lenny 5.0.4. there seems to be a bug in phldapadmin (the one shipping with Debian Lenny), because the smb-password is not longer hashed. when setting a new domainuser via phpldapadmin with the "Samba 3 account"-scheme, I can not log in to the domain. > > I have to do a "smbpasswd user" to get it work. > > when I use "smbldap-useradd user && smbldap-passwd user" everything is working fine. > > I tried this on three different installations (with Debian Lenny 5.0.3 through 5.0.4), always the same problem. > > I have installed the mkntpwd-Tool (as in former installations), but it is not longer needed and I cant even choose it in the phpldapadmin/config-File because there is no longer such a file ... :-( > > I have installed all the perl-crypt-modules, tried it with different settings in the smb.conf: > > unix password sync = yes > ldap password sync = yes > > but nothing helped. > > anyone else who has the same problem? any hints or maybe the solution? > > > thany a lot in advance! > > > tim-ole golz > >I think I have seen the same bug. I've upgraded to phpldapadmin from testing (1.2.0.5), and I think the LM and NT hashes are still buggy. I've found that if you edit a userPassword entry, the password gets copied to the LM and NT Password fields, but probably after it is encrypted. So the hash comes out wrong. If I enter a password into the SambaNTPassword field, it works, and the user can log in with that password. Try it and compare the LM and NT hashes with those created with smbldap-passwd. Oliver Freyd