[Samba] Samba 4 LDAP NTLM password nightly injection

[Andrew Bartlett]

On Tue, 2012-12-11 at 21:48 -0500, Luc Lalonde wrote:
> Hello Folks,
> 
> In pour present Samba-3 setup we update user passwords in our LDAP backend.  We only have access to the encrypted NTLM passwords and use Perl scripts to do this.
> 
> Beyond importing the user database with the 'Classic upgrade' method, will we be able to adapt our Perl scripts so that we can keep updating the internal Samba-4 database with the encrypted passwords as we did with Samba-3?
> 
> We've been using Samba for many years now and very much appreciate all the work done by the Samba team.  Congrats on getting Samba-4 to stable status!

Yes, you can continue to do that.  The best approach would be to set it
via the ldb python bindings, specifying the
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control and unicodePwd, or via the
python or C passdb API.  

One approach you could code from is how we set the administrator
password during the 'classicupgrade' script in
source4/scripting/python/samba/upgrade.py.  

Give that a go, but if you need more clues I'm very happy to help out. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org