[Date Prev][Date Next]
Re: smbk5pwd and ppolicy working together
> Let me ask two theoretical questions, before I submit my comments
> below. Windows XP/2000/et. al. send their passwords via SMB hashed.
> So, without configuring those workstations to send the passwords
> plaintext over the wire, is there any way for ppolicy to act on the
> ldapmodify initiated by Samba from Windows clients attempting to change
> their passwords?
You do *NOT* need to configure the clients to use cleartext password -
which BTW would break domain functionality anyway.
Samba has a cleartext equivalent of the password when you do a password
change, else how would password chat scripts work?
> Furthermore, if the above change is made so that ppolicy can evaluate
> the plaintext password, what exactly will the interaction between LDAP
> and the clients be if it fails to clear ppolicy constraints?