OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [suse-security] importing users
From: tschweikleFIDUCIA.de
Date: Mon Dec 11 2000 - 07:17:22 CST

> On Sat, 9 Dec 2000, Robert Casties wrote:
>
>> On Fri, 8 Dec 2000, Oliver Hensel wrote:
>>
>> > > Best would be, if the user-data could also be included into samba (samba
>> > > should act as an login-server for his domain)
>> >
>> > This however should be perfectly possible, just export the SAM from NT,
>> > and import the hashes into /etc/smbpasswd, which you need anyway. But then
>> > there's no login to the Linux machine (POP3, FTP...).
>>
>> For that you can use PAM-SMB which authenticates unix users against a
>> NT-PDC and samba. You will have to twiddle your PAM settings if you have
>> mixed userbases I guess.
>
> But then you have to keep the NT-PDC, which is not what the original user
> wanted, if I remember right.

No, you don't. Just use one samba server to authenticate against. With
'pam_smb.conf' leave the second server line empty. No space. Just CR. Otherwise
sometimes authentication works against some ghost server nowhere configured...

I remember there where programmes exporting the whole user and group database
of a NT PCD. But don't ask me where to find them. I am not sure, but I think
they where included on that technical reference CD. 

--
Thomas
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribesuse.com
For additional commands, e-mail: suse-security-helpsuse.com