[Likewise-open-discuss] Getting AD password hashes

[Carl Johnson]

Hi,

Can anyone tell me whether it is possible to obtain AD user password 
hashes with Likewise?

We're trying to sync our passwords between Windows and Linux but we do 
not want to run any network auth on the Linux side like Kerberos, LDAP, 
Likewise agent, etc. We would rather push out standardized /etc/passwd 
and /etc/shadow ourselves (and use this data for other purposes, like 
application auth). Of course we need password hashes for this.

The Microsoft "Password Synchronization" solution makes this possible 
and even gives a unix daemon and PAM module. Unfortunately it is very 
old and apparently no longer supported by MS since it was written for 
Red Hat 8 & 9, now over 5 years old. I got it to compile on Ubuntu, but 
it segfaults, apparently due to some poorly coded memory allocation.

Another option is to just run Services for UNIX which will extend the AD 
schema with the fields I need, but our AD admin refuses to extend the 
schema.

Thanks!
Carl