[Samba] Adding existing ldap users as Samba users
John H Terpstra - Samba Team
jht at samba.org
Thu Mar 5 21:35:16 GMT 2009
Jason Voorhees wrote:
> Hi people:
>
> I have a LDAP server running OpenLDAP that serves authentication
> purposes to services like ftp, imap, openvpn, etc. Now I implemented a
> Samba PDC based on LDAP.
> I did the configuration with Samba 3.2.5 on Debian Etch and
> smbldap-tools. I was able to join a WinXP workstation to my domain
> without problems but I can't login with any existing user in my LDAP
> directory.
>
> Then I added my user to the Samba database with "smbpasswd -a myuser"
> with the same current password of myuser. Now, I need to enable all
> LDAP users as Samba users but I don't want to run "smbpasswd" for
> every user because I don't know their passwords.
Have these users previously used Samba to connect to this server? Do
you have an smbpasswd file or a tdbsam file?
If so, there is an easy way to migrate the SambaSAM account information
so long as the uid and gid for each user has not changed. You can then
execute:
pdbedit -i smbpasswd -e ldapsam
or
pdbedit -i tdbsam -e ldapsam
Those actions should copy the NT passwords into a SambaSAM account
extenstion in your LDAP directory.
> What could be the solution to convert all my ldap users as samba
> users?
The UNIX password hashes can not be converted into NT password hashes.
> Simply adding the corresponding objectClass and samba
> attributes to the users ldap entries would be enough? If this is true,
> what value should I use for sambaNTPassword, sambaPasswordHistory,
> sambaSID, among other samba attributes?
>
> I hope some can help me a bit :(
>
> Thanks :)
Cheers,
John T.
More information about the samba
mailing list