[Samba] Convert ssha password to sambaNTpassword? - Samba

This is a discussion on [Samba] Convert ssha password to sambaNTpassword? - Samba ; Is it possible to take a SSHA password from an ldif and create a proper sambaNTpassword from it? Here's the scenario: the ldap servers in our organization do not have the samba schema installed and the likelihood of that happening ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: [Samba] Convert ssha password to sambaNTpassword?

  1. [Samba] Convert ssha password to sambaNTpassword?

    Is it possible to take a SSHA password from an ldif and create a proper
    sambaNTpassword from it? Here's the scenario: the ldap servers in our
    organization do not have the samba schema installed and the likelihood
    of that happening is slim. I still want to provide clients with as
    close to a single sign on solution as possible and I can get an ldif of
    the accounts I need. However, the password field is SSHA and I will
    still need to generate sambaLMpassword and sambaNTpasswd fields (along
    with the rest, but that part is a wrapper script around smbldap-utils
    away.) There is a remote possibility of getting these hashes generated
    by an Identity Management Server, which would make the problem go away.
    The IDM solution is remote, as the admin for it is already
    overworked, so parsing an ldif seems to be the best solution at the moment.

    Any suggestions would be appreciated.

    --
    Matt Richardson
    IT Consultant
    College of Arts and Letters
    CSU San Bernardino
    work: (909)537-7598
    fax: (909)537-5926

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  2. Re: [Samba] Convert ssha password to sambaNTpassword?

    Matt Richardson wrote:
    > Is it possible to take a SSHA password from an ldif and create a
    > proper sambaNTpassword from it? Here's the scenario: the ldap
    > servers in our organization do not have the samba schema installed and
    > the likelihood of that happening is slim. I still want to provide
    > clients with as close to a single sign on solution as possible and I
    > can get an ldif of the accounts I need. However, the password field
    > is SSHA and I will still need to generate sambaLMpassword and
    > sambaNTpasswd fields (along with the rest, but that part is a wrapper
    > script around smbldap-utils away.) There is a remote possibility of
    > getting these hashes generated by an Identity Management Server, which
    > would make the problem go away. The IDM solution is remote, as the
    > admin for it is already overworked, so parsing an ldif seems to be the
    > best solution at the moment.
    >
    > Any suggestions would be appreciated.
    >

    Are PAM modules a viable route and/or one that you'd consider? I have
    no idea how it would work, but it seems to me that it's a good loosely
    coupled interface from both sides of the problem. To be honest, I run
    Slackware and PAM isn't included as Patric V. strong believes PAM is a
    security risk, so I can't comment on how easy an implementation might be
    as I've only toyed with it on a few occasions. I know, however, that
    Samba uses PAM for syncing the passwd/shadow files, so there must be
    some sort of interfacing capabilities native to Samba.
    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

  3. Re: [Samba] Convert ssha password to sambaNTpassword?

    Scott Lovenberg wrote:
    > Matt Richardson wrote:
    >> Is it possible to take a SSHA password from an ldif and create a
    >> proper sambaNTpassword from it? Here's the scenario: the ldap
    >> servers in our organization do not have the samba schema installed and
    >> the likelihood of that happening is slim. I still want to provide
    >> clients with as close to a single sign on solution as possible and I
    >> can get an ldif of the accounts I need. However, the password field
    >> is SSHA and I will still need to generate sambaLMpassword and
    >> sambaNTpasswd fields (along with the rest, but that part is a wrapper
    >> script around smbldap-utils away.) There is a remote possibility of
    >> getting these hashes generated by an Identity Management Server, which
    >> would make the problem go away. The IDM solution is remote, as the
    >> admin for it is already overworked, so parsing an ldif seems to be the
    >> best solution at the moment.
    >>
    >> Any suggestions would be appreciated.
    >>

    > Are PAM modules a viable route and/or one that you'd consider? I have
    > no idea how it would work, but it seems to me that it's a good loosely
    > coupled interface from both sides of the problem. To be honest, I run
    > Slackware and PAM isn't included as Patric V. strong believes PAM is a
    > security risk, so I can't comment on how easy an implementation might be
    > as I've only toyed with it on a few occasions. I know, however, that
    > Samba uses PAM for syncing the passwd/shadow files, so there must be
    > some sort of interfacing capabilities native to Samba.


    I would totally go with PAM, but have not heard of one to deal with this
    issue. It's a good idea, so off to google I go.

    --
    Matt Richardson
    IT Consultant
    College of Arts and Letters
    CSU San Bernardino
    work: (909)537-7598
    fax: (909)537-5926

    --
    To unsubscribe from this list go to the following URL and read the
    instructions: https://lists.samba.org/mailman/listinfo/samba

+ Reply to Thread