Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: n0lqu on August 02, 2005, 09:48:51 PM
-
I'm migrating our users from an OS/2 Warp Server network to an SME 6.5 server. I can set up the users fine using the "lat-tools" batch utilities (http://mirror.contribs.org/smeserver/contribs/mblotwijk/Contribs/lazy-admin-tools/lat-tools.html) or interactively using the SME Server Manager, however I only have access to the users' passwords in hashed "lanman" format and I'm having trouble figuring out how to get these to work.
The /etc/smbpasswd file has a field for lanman-style hashed passwords:
name:userid:lanman-hash:nt-hash:[flags]:lastchange:
However it doesn't appear that putting a lanman-style password in here works. Does SME use the smbpasswd file, the /etc/shadow file, or LDAP passwords for samba authentication?
LDAP appears to have a sambaLMPassword entry that seems meant for the lanman-style passwords, however it's not clear to me that SME users LDAP for passwords.
Does anyone have any ideas on how I can set up my users using the lanman passwords?
-
I'm migrating our users from an OS/2 Warp Server network to an SME 6.5 server.
I can't help you, I just wanted to say DAMN! you sure stuck with OS/2 for a loooong time. :-o
-
What can I say? When you find something that works well... But given the lack of active development it is becoming increasingly difficult to keep up with newer technological needs so we're ready to start switching to Linux and Samba, especially once I figure out the password problem.
-
however I only have access to the users' passwords in hashed "lanman" format and I'm having trouble figuring out how to get these to work.
There isn't a simple solution to this. You need access to the plain text password in order to generate the other passwords.
In some cases you can reverse engineer the LANMAN hash, but hopefully your passwords are nice and strong.
However it doesn't appear that putting a lanman-style password in here works.
I believe this is possible, but it will only work for Samba, not for IMAP, POP, AUTH SMTP, etc.
Does SME use the smbpasswd file, the /etc/shadow file, or LDAP passwords for samba authentication?
When you set a user's password from the manager, smbpasswd and /etc/shadow are both updated.
The best solution is to require users to change their password during the move. Yes, I know that's painful, it's probably a good time to clean out those crusty five year old passwords :-)
-
however I only have access to the users' passwords in hashed "lanman" format and I'm having trouble figuring out how to get these to work.
There isn't a simple solution to this. You need access to the plain text password in order to generate the other passwords.
In some cases you can reverse engineer the LANMAN hash, but hopefully your passwords are nice and strong.
However it doesn't appear that putting a lanman-style password in here works.
I believe this is possible, but it will only work for Samba, not for IMAP, POP, AUTH SMTP, etc.
Does SME use the smbpasswd file, the /etc/shadow file, or LDAP passwords for samba authentication?
When you set a user's password from the manager, smbpasswd and /etc/shadow are both updated.
The best solution is to require users to change their password during the move. Yes, I know that's painful, it's probably a good time to clean out those crusty five year old passwords :-)
That pretty much confirms what I was suspecting. I don't at this time need passwords for anything other than Samba (we're using a different mail server), but since SME ties Samba accounts with matching Unix accounts, it looks like I will need to have the plaintext version (or at least something plaintext) to be able to generate the Unix and NT-style passwords. No sense trying to reverse engineer them, I guess I'll have to start thinking about the logistics of requiring they change their password like you suggested or something along those lines.
Thanks!
-
I guess I'll have to start thinking about the logistics of requiring they change their password like you suggested or something along those lines.
The -p switch in lat-users might come in handy. This option will generate a random password for each account it creats and write it to a file.
Using your favourite wordprocessor and some basic mail merge you can then create personalised instruction sheets for your users with their new ID & password on it.
regards,
Michiel