I would like to implement samba encrypted passwords. I have read the ENCRYPTION.txt file and see how to create the initial (no access) smbpassd file from the UNIX /etc/passwd file, but it seems that each user (or root) then has to change their samba password. This is not practical for my uses. If I understand the encryption scheme then there is no way to initally read the /etc/passwd file and put THAT password into the smbpasswd file. So... my question... Is there anyway to syncronize the /etc/passwd and smbpasswd files such that when a user changes their UNIX passwd, their smbpasswd will automatically get created if one does not exist or changed their smbpasswd if one DOES exist? I am running Digital Unix 4.0D, no shadow password, no C2. I am open to using a different UNIX passwd program if that will help. Thanks! --------------------------------------------------------------------- | Tim Winders, CNE | Email: twinders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | ---------------------------------------------------------------------
On Fri, 20 Feb 1998, Tim Winders wrote:> If I understand the encryption scheme then there is no way to initally > read the /etc/passwd file and put THAT password into the smbpasswd file.Correct.> So... my question... > > Is there anyway to syncronize the /etc/passwd and smbpasswd files such > that when a user changes their UNIX passwd, their smbpasswd will > automatically get created if one does not exist or changed their smbpasswd > if one DOES exist? > > I am running Digital Unix 4.0D, no shadow password, no C2. I am open to > using a different UNIX passwd program if that will help. Thanks!With a bit of programming effort someone should be able to modify the smbpasswd program to also modify your Unix password database. Charlie Brady - Telstra |internet: cbrady@ind.tansu.com.au Network Products |Snail : Locked Bag 6581, GPO Sydney 2001 Australia Platform Technologies |Physical : Lvl 2, 175 Liverpool St, Sydney 2000 IN-Sub Unit - Sydney | Phone: +61 2 9206 3470 Fax: +61 2 9281 1301
On Fri, 20 Feb 1998, Charlie Brady wrote:> > On Fri, 20 Feb 1998, Tim Winders wrote: > > > If I understand the encryption scheme then there is no way to initally > > read the /etc/passwd file and put THAT password into the smbpasswd file. > > Correct. > > > So... my question... > > > > Is there anyway to syncronize the /etc/passwd and smbpasswd files such > > that when a user changes their UNIX passwd, their smbpasswd will > > automatically get created if one does not exist or changed their smbpasswd > > if one DOES exist? > > > > I am running Digital Unix 4.0D, no shadow password, no C2. I am open to > > using a different UNIX passwd program if that will help. Thanks! > > With a bit of programming effort someone should be able to modify > the smbpasswd program to also modify your Unix password database.Any volunteers? --------------------------------------------------------------------- | Tim Winders, CNE | Email: twinders@SPC.cc.tx.us | | Network Administrator | Phone: 806-894-9611 x 2369 | | South Plains College | Fax: 806-897-4711 | ---------------------------------------------------------------------
At 04:10 20-02-98 +1100, Tim Winders wrote:>I would like to implement samba encrypted passwords. I have read the >ENCRYPTION.txt file and see how to create the initial (no access) smbpassd >file from the UNIX /etc/passwd file, but it seems that each user (or root) >then has to change their samba password. This is not practical for my >uses. > >If I understand the encryption scheme then there is no way to initally >read the /etc/passwd file and put THAT password into the smbpasswd file. >So... my question...It's really not an ecryption algorithm, it's a one-way hash. It can never be de-crypted. However, because the salt value is stored as part of the passwd, it is vulnerable to brute-force dictionary attacks.>Is there anyway to syncronize the /etc/passwd and smbpasswd files such >that when a user changes their UNIX passwd, their smbpasswd will >automatically get created if one does not exist or changed their smbpasswd >if one DOES exist?Wrap both passwd amd smbpasswd, and maybe even yppasswd, with a perl/expect script which will do this for all systems when the user does a passwd change. We even are building a web-page/cgi-script that does this for our users.>I am running Digital Unix 4.0D, no shadow password, no C2. I am open to >using a different UNIX passwd program if that will help. Thanks!You *really* don't want to do that. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: mailto:rmeyer@mhsc.com Personalweb pages: http://www.mhsc.com/~rmeyer Company web-site: http://www.mhsc.com/ ___________________________________________ Watch for the SecureMail system at MHSC.NET