[Date Prev][Date Next]
Re: Samba, email, LDAP and password integration and management
You won't be able to use the same password-attributes for Windows and
other systems. Samba stores its data in two attributes (lmPassword and
ntPassword or similar). These are hashes of the user-password which
aren't compatible with - let's say - crypt or MD5 which are used by a
lot of Unix-flavors.
The only way is to store these passwords in different attributes and
synchronize them. Samba supports calling a script on password change
(see man smb.conf, search for "passwd program" and "passwd chat"). Linux
can synchronize the windows-passwords via PAM. The password-change
script which would be called by Samba could check the quality of the
This ain't nice but with a bit luck it should work...
BTW: The Windows-hashes are not very secure and should be protected by
Brian Johnson wrote:
I set up a test server about a year ago to try this and gave up since it didn't seem
that the processes were quite yet in place to do it ..
I am evaluating the potential for Samba and Linux accounts (including postfix email
accounts) to share the same passwords (between software) and have a process in place
to encourage users to change their passwords and try to prevent esay to crack passwords
Could someone please confirm whether they have such a system working and how
difficult it was to set up?
When I looked at it before, it seemed that although Samba could use LDAP, it used a
different schema from the standard system accounts and therefore there was not
really any sharing of password data
If it matters, my server I'd like to do this on is a Redhat 7.3 system