Mailinglist Archive: opensuse-security (520 mails)

Re: [suse-security] importing users
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Mon, 11 Dec 2000 21:45:22 +1100
  • Message-id: <5.0.1.4.0.20001211213846.00b1a740@xxxxxxxxxxxxxxxxxxxx>
http://au1.samba.org/samba/ftp/pwdump/


http://au1.samba.org/samba/docs/man/smb.conf.5.html#unixpasswordsync

unix password sync (G)
This boolean parameter controls whether Samba attempts to synchronize the UNIX password with the SMB password when the encrypted SMB password in the smbpasswd file is changed. If this is set to true the program specified in the "passwd program" parameter is called *AS ROOT* - to allow the new UNIX password to be set without access to the old UNIX password (as the SMB password change code has no access to the old password cleartext, only the new). By default this is set to "false".
See also "passwd program", "passwd chat".
Default: unix password sync = False
Example: unix password sync = True

If you do a little more reading (I'm not going to do all your work for you)
or ask on the correct mailing list (i.e. samba) you will have no trouble
setting up Samba to do pass-through authentication to an NT server
for a period of time. Every time someone logs onto the domain, and
a local account doesn't exist on the unix server, samba will automatically
add it for you.

Cheers

-Nix

At 05:57 PM 8/12/2000 +0100, you wrote:
Hi Stephan.

On Fri, 8 Dec 2000, OKDesign oHG Security Webmaster wrote:

> Hi folks,
>
> finally one of our clients is interested in switching from WinDoof to Linux.
> But he needs some tool to import the existing users on WindowsNT to Linux in
> a secure manner (that means, not only importing the users, but also the
> passwords; but he doesn't know all passwords)
> Is there any way to do this efficiently?

IMHO it's not possible to import the passwords from WinNT to Linux due to
the fact that they use different hashing algorithms (Linux crypt(), which
is a better form of DES, WinNT uses some kind of MD5 (?)). If you can get
Linux to use the same hashing algorithm (perhaps MD5 with PAM? I don't
know for sure), it should be somehow possible. But I don't really know of
any efficient (and really secure) method.
Sure, you could crack the passwords with l0phtcrack, and import them under
Linux, not what I'd call secure and/or efficient :-).

> Best would be if the user data could also be included in samba (samba
> should act as a login server for his domain)

This however should be perfectly possible, just export the SAM from NT,
and import the hashes into /etc/smbpasswd, which you need anyway. But then
there's no login to the Linux machine (POP3, FTP...).

Greetings
olli

>
> Thanks in advance
>
> ---
> --------------------------------------------
> Stephan M. Ott // OKDesign oHG
> Internet-Providing und Netzwerkmanagement
> smo@xxxxxxxxxxx ..... http://www.okdesign.de
> fon. +49 961 3814139 .. fax. +49 961 3814140
> mobil 0171-8351130 ... oder ... 0171-7858064
> --------------------------------------------
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx

--
--------------------------------------
Oliver Hensel <oliver.hensel@xxxxxxx>
<ohensel@xxxxxxxxxxxxxxxxxxx>
http://www.ohensel.de/

Training + Consulting
Unix - Linux - Firewalls - Security
--------------------------------------
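
The settings Nix refers to, put together as an smb.conf fragment. This is an added example, not part of the original mails or of the Samba documentation; the server name NTSERVER, the file paths and the chat pattern are assumptions to adapt locally.

```ini
# Added example for the Samba of this thread's era.
# "security = server" has since been removed from Samba (4.x).
[global]
    # Encrypted SMB hashes are kept in smbpasswd (the thread uses /etc/smbpasswd).
    encrypt passwords = yes
    smb passwd file = /etc/smbpasswd

    # Pass-through authentication to the existing NT server for the
    # migration period. NTSERVER is a placeholder NetBIOS name.
    security = server
    password server = NTSERVER

    # Run by smbd AS ROOT when a user authenticates and has no local
    # UNIX account yet. Use an absolute path and a fixed command line.
    add user script = /usr/sbin/useradd -m %u

    # Off by default. When a user changes the SMB password, smbd calls
    # "passwd program" AS ROOT to set the same UNIX password.
    unix password sync = yes
    passwd program = /usr/bin/passwd %u

    # Must match the prompts the local passwd prints. There is no
    # old-password step because the program runs as root.
    passwd chat = *New*password* %n\n *new*password* %n\n *updated*
```

Both "add user script" and "passwd program" execute with root privileges, so the referenced binaries and smb.conf itself should be writable only by root. Running testparm after editing confirms the parameters parse.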

