On Sat, Dec 09, 2000 at 12:52 +0100, Oliver Hensel wrote:
On Fri, 8 Dec 2000, Gerhard Sittig wrote:
Read "man 5 smb.conf" and search for "sync" and/or "password". When you feed samba with passwords (that is, provide them in the clear) it can set the "traditional" Unix password for you, too. [ ... ]
That will only work if your Windows stations submit their password in cleartext, for which you need to change a registry setting on Win95 (upwards of OSR2 (?)) and NT4.0 (since SP3). I wouldn't really do that.
Sorry, but I don't want to follow you here. :) Don't confuse the cleartext auth (which *is* a bad idea) with the password changing dialog via "smbpasswd -r $MACHINE" -- or the Windows tools I referred to in the previous message. To clear it up, maybe I was too vague: The l0phtcrack run probably provides you (not actually _you_, Olli, but the original poster:) with a list of the users' passwords. With this info one can populate the Unix user database and the Samba hashes. That means that the users probably won't notice the change. And when they change their passwords later with the tools they are used to, they won't notice the change either. It still "feels" like talking to another Windows machine, and all the mechanisms using the Unix user database (EMail, Apache(?), FTP(for those who insist in using it), even shell sessions) are updated, too. The only ugly point in this scenario is the plain text password list, of course. But we already talked about it several times: Those with access to the crypted / hashed representation have the chance of getting the plain text version by means of brute force. And as soon as people are using POP3 over the wire (without tunneling it in SSL or ssh port forwarding) or FTP for web updates (instead of file system access -- we're talking LAN here), one can get the plain text passwords with even less effort, just by watching ... virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you.