[Fedora-directory-users] NT Password Hash Storage

Richard Megginson rmeggins at redhat.com
Thu Jan 19 19:50:34 UTC 2006 

Yes.  We need a plug-in that will take updates to userPassword and 
update sambaNTPassword (and vice versa) and possibly other related 
things like the sambaLMPassword.

Any volunteers?  Mark McLoughlin posted some pyldap code that does this, 
and I believe OpenLDAP has a samba module/overlay that does this.

Roger Spencer wrote:

>
> Craig White wrote:
>
>>><..snip..>
>>>    
>>>
>>----
>>I am unclear how you are doing authentication by Windows users to the
>>network in a normal login...via AD?
>>
>>anyway, my inclination is to setup Fedora-DS to use samba schema
>>
>>http://directory.fedora.redhat.com/wiki/Howto:Samba
>>
>>as that would give you a sambaNTPassword attribute which is normally the
>>hashed password as expected but how that relates to question
>>#2...updating the hash when the user changes their password...I suppose
>>that would depend upon the chain of events that occur where/when the
>>user changes their password...how is this information going to be sent
>>to fedora-ds?
>>
>>Craig
>>
>>--
>>Fedora-directory-users mailing list
>>Fedora-directory-users at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>>  
>>
>
> When I arrived on the scene, network authentication for windows 
> clients consisted of setting a local user id and password on a PC and 
> setting the same user id and password on a stand-alone samba server.  
> Of course, users had different ids for email, vpn, shared-keys for 
> wireless, etc. and passwords never changed (there was a partial NIS 
> setup going, so all was not bleak).
>
> What I'm doing is consolidating it all into FDS with the benifit of a 
> password policy.  The samba schema worked great and also gets samba 
> using FDS for authentication.  But this leaves one question:  what to 
> do about having two sets of passwords in FDS?
>
> With samba running as an NT domain controller, and having PCs join the 
> domain, samba should take care of keeping the sambantpassord correct 
> when a Windows user changes their password.  But what of the 
> userpassord attribute?  What happens when that same user does an ssh 
> session into a Linux server, which if I understand correctly, will use 
> the userpassword attribute for authentication?
>
> Is there a way to keep the two password attributes in sync?  I'm not 
> sure if it's possible to have all devices needing to do authentication 
> to use the NT style.
>
>------------------------------------------------------------------------
>
>--
>Fedora-directory-users mailing list
>Fedora-directory-users at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-users
>  
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20060119/a6921c1b/attachment.bin>

More information about the Fedora-directory-users mailing list