Tugger the SLUGger! SLUG Mailing List Archives

RE: [SLUG] Samba as a PDC for windows domain


From: Peter Rundle [mailto:peter.rundle@xxxxxxxxxxxxxx]
> 
> Sluggers,
> 
> I've been busy converting my authentication system to LDAP for all 
> my Solaris and Linux boxen. Converting NT however is proving to be
> a bit of a challenge. I was just given an off the wall suggestion
> that perhaps we should use the latest version of Samba (on Linux of
> course :-) as the PDC for the windows domain. Configure Samba to
> use pam_ldap to authenticate and hey presto.
> 
> Anyone been there done that, got any advice before I charge in and 
> get burnt? One thing that comes to mind is encrypted passwords, the 
> LDAP server keeps the password in SHA format, if Samba gets an 
> encrypted password in whatever Doze format, how can it make the 
> comparison? Or does Samba know how to decrypt the password coming
> from the Doze box so it can generate a Unix crypt passwd for 
> pam_pwdb.so authentication?
> 
> Any and all thoughts gratefully accepted.

Windows sends hashes, not actual passwords, so the Samba server cannot
actually decrypt them unless you configure it to only accept plain-text
passwords from the Windows host and do a bit of hacking inside the Samba
code.