Re: samba, ldap and syncing authentication


Michael Cronenworth wrote:
> I have a Samba server acting as a PDC with Fedora Directory Server
> running as the LDAP server, which holds all the users and passwords of
> the domain. Everything is properly configured and running great.
> Changing passwords from within a Windows machine changes both NT and
> UNIX passwords.
> 
> However, I can't seem to find out how to sync NT and UNIX passwords from
> a Linux client. I can set my Linux client to use LDAP auth, but it only
> changes the UNIX password. I occasionally log in to a Windows VM and
> would like to use /one/ set of username and password credentials. I
> /cannot/ have two passwords (please, don't ask why). Right now I'm
> having to manually sync NT and UNIX passwords since my Linux client is
> my main machine.
> 
You are not going to find a way to easily sync the two password
lists for existing passwords. You would have to crack the passwords
in one list, and use that to change the passwords in the other list.
(It is probably easier to crack the NT passwords...)

> Yes, I know about smbldap-tools and that's what I have the PDC using,
> but I'm looking for a solution that uses the system "passwd" command to
> change passwords. If there is no other way, fine, just tell me and I'll
> use smbldap-tools on my Linux client.
> 
Take a look at using PAM for this. You will have to do some
searching, but there is a module you can add to /etc/pam.d/passwd so
that it will change the Samba password at the same time.
> 
> P.S. The Samba programmer who thought it would be awesome to have
> separate password keeping should be shot.
> 
It was not a Samba programmer. The only way to use the same password
database would be to use clear text passwords with Samba. The
problem is that Windows and Linux use two different password hashes,
so it does no good to compare the encrypted password that Windows
sends to the encrypted password in /etc/shadow. Both are "one way"
hashes, so you cannot easily get the password from the hash of the
password.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
