From: Scott Lovenberg on 22 Apr 2008 03:50

Matt Richardson wrote:
> Is it possible to take a SSHA password from an ldif and create a
> proper sambaNTpassword from it? Here's the scenario: the ldap
> servers in our organization do not have the samba schema installed and
> the likelihood of that happening is slim. I still want to provide
> clients with as close to a single sign on solution as possible and I
> can get an ldif of the accounts I need. However, the password field
> is SSHA and I will still need to generate sambaLMpassword and
> sambaNTpasswd fields (along with the rest, but that part is a wrapper
> script around smbldap-utils away.) There is a remote possibility of
> getting these hashes generated by an Identity Management Server, which
> would make the problem go away. The IDM solution is remote, as the
> admin for it is already overworked, so parsing an ldif seems to be the
> best solution at the moment.
>
> Any suggestions would be appreciated.
>

Are PAM modules a viable route and/or one that you'd consider? I have
no idea how it would work, but it seems to me that it's a good loosely
coupled interface from both sides of the problem. To be honest, I run
Slackware and PAM isn't included as Patric V. strongly believes PAM is a
security risk, so I can't comment on how easy an implementation might be
as I've only toyed with it on a few occasions. I know, however, that
Samba uses PAM for syncing the passwd/shadow files, so there must be
some sort of interfacing capabilities native to Samba.

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

From: Matt Richardson on 22 Apr 2008 11:40

Scott Lovenberg wrote:
> Matt Richardson wrote:
>> Is it possible to take a SSHA password from an ldif and create a
>> proper sambaNTpassword from it? Here's the scenario: the ldap
>> servers in our organization do not have the samba schema installed and
>> the likelihood of that happening is slim. I still want to provide
>> clients with as close to a single sign on solution as possible and I
>> can get an ldif of the accounts I need. However, the password field
>> is SSHA and I will still need to generate sambaLMpassword and
>> sambaNTpasswd fields (along with the rest, but that part is a wrapper
>> script around smbldap-utils away.) There is a remote possibility of
>> getting these hashes generated by an Identity Management Server, which
>> would make the problem go away. The IDM solution is remote, as the
>> admin for it is already overworked, so parsing an ldif seems to be the
>> best solution at the moment.
>>
>> Any suggestions would be appreciated.
>>
> Are PAM modules a viable route and/or one that you'd consider? I have
> no idea how it would work, but it seems to me that it's a good loosely
> coupled interface from both sides of the problem. To be honest, I run
> Slackware and PAM isn't included as Patric V. strongly believes PAM is a
> security risk, so I can't comment on how easy an implementation might be
> as I've only toyed with it on a few occasions. I know, however, that
> Samba uses PAM for syncing the passwd/shadow files, so there must be
> some sort of interfacing capabilities native to Samba.

I would totally go with PAM, but have not heard of one to deal with this
issue. It's a good idea, so off to google I go.

--
Matt Richardson
IT Consultant
College of Arts and Letters
CSU San Bernardino
work: (909)537-7598
fax: (909)537-5926