http://au1.samba.org/samba/ftp/pwdump/
http://au1.samba.org/samba/docs/man/smb.conf.5.html#unixpasswordsync

unix password sync (G)

This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to true the program specified in the "passwd program" parameter is called *AS ROOT* - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new). By default this is set to "false".

See also "passwd program", "passwd chat".

Default: unix password sync = False

Example: unix password sync = True

If you do a little more reading (I'm not going to do all your work for you) or ask on the correct mailing list (i.e. samba) you will have no trouble setting up Samba to do pass-through authentication to an NT server for a period of time. Every time someone logs onto the domain, and a local account doesn't exist on the unix server, samba will automatically add it for you.

Cheers
-Nix

At 05:57 PM 8/12/2000 +0100, you wrote:
Hi Stephan.
On Fri, 8 Dec 2000, OKDesign oHG Security Webmaster wrote:
Hi folks,
Finally one of our clients is interested in switching from WinDoof to Linux. But he needs some tool to import the existing users on WindowsNT to Linux in a secure manner (that means, not only importing the users, but also the passwords; but he doesn't know all passwords). Is there any way to do this efficiently?
IMHO it's not possible to import the passwords from WinNT to Linux due to the fact that they use different hashing algorithms (Linux crypt(), which is a better form of DES, WinNT uses some kind of MD5 (?)). If you can get Linux to use the same hashing algorithm (perhaps MD5 with PAM? I don't know for sure), it should be somehow possible. But I don't really know of any efficient (and really secure) method. Sure, you could crack the passwords with l0phtcrack, and import them under Linux, not what I'd call secure and/or efficient :-).
Best would be if the user data could also be included into samba (samba should act as a login server for his domain).
This however should be perfectly possible, just export the SAM from NT, and import the hashes into /etc/smbpasswd, which you need anyway. But then there's no login to the Linux machine (POP3, FTP...).
Greetings olli
Thanks in advance
--
Stephan M. Ott // OKDesign oHG
Internet-Providing und Netzwerkmanagement
smo@okdesign.de ..... http://www.okdesign.de
fon. +49 961 3814139 .. fax. +49 961 3814140
mobil 0171-8351130 ... oder ... 0171-7858064
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
--
Oliver Hensel
http://www.ohensel.de/
Training + Consulting
Unix - Linux - Firewalls - Security
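Because the man page text quoted at the top of this message says the "passwd program" is called as root once "unix password sync" is on, the following added example (not part of the thread and not Samba project code) audits an smb.conf for that setting. The function name `audit_password_sync`, the finding codes and both sample configurations are constructed for illustration; `passwd chat debug` is a real smb.conf parameter that the thread does not mention.

```python
import configparser
import shlex

SAMBA_TRUE = {"yes", "true", "on", "1"}  # spellings smb.conf accepts for "true"

def _norm(name):
    # smb.conf(5): case and whitespace in parameter names are not significant.
    return "".join(name.split()).lower()

def audit_password_sync(conf_text):
    """Return (code, message) findings for the [global] section of an smb.conf."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = _norm          # must be set before parsing
    cp.read_string(conf_text)
    name = next((s for s in cp.sections() if s.strip().lower() == "global"), None)
    g = dict(cp[name]) if name else {}
    if g.get("unixpasswordsync", "no").strip().lower() not in SAMBA_TRUE:
        return []                   # sync off: passwd program is not run as root
    findings = []
    prog = g.get("passwdprogram", "").strip()
    argv = shlex.split(prog)
    if not argv:
        findings.append(("unset", "set passwd program explicitly so it is clear what runs as root"))
    else:
        if not argv[0].startswith("/"):
            findings.append(("relative-path", "root would resolve %r through PATH" % argv[0]))
        if "%u" not in prog:
            findings.append(("missing-%u", "no user name is passed, so root's own password is the target"))
    if g.get("passwdchatdebug", "no").strip().lower() in SAMBA_TRUE:
        findings.append(("chat-debug", "passwd chat debug writes the password dialogue to the smbd log"))
    return findings

# Constructed sample configurations, not taken from the thread.
RISKY = """\
[global]
Unix Password Sync = Yes
passwd program = passwd
passwd chat debug = yes
"""
HARDENED = """\
[global]
unix password sync = yes
passwd program = /usr/bin/passwd %u
"""

if __name__ == "__main__":
    for code, msg in audit_password_sync(RISKY):
        print(code, "-", msg)
```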