[Samba] How to manage users with encrypted passwords
Steve Thompson
smt at vgersoft.com
Thu Jun 12 07:52:09 MDT 2014
On Thu, 12 Jun 2014, Benjamin Rocton wrote:
> Yes, but I do not have the passwords in clear text in the LDAP. I can only
> have the encrypted password. And it does not seem that we can use samba-tool
> with an encrypted password?
If you have the sambaNTPassword value from Samba3's LDAP database, you can
migrate that to the unicodePwd field in Samba4's LDAP database by
converting it with this short Python script:
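#!/usr/bin/env python
import base64
import binascii
import sys

# sambaNTPassword as stored in Samba3's LDAP: the NT hash as a hex string
ldap_samba_nt_password = sys.argv[1]
# hex-decode to the raw hash bytes, then base64-encode for the LDIF value
b64_hash = base64.b64encode(binascii.a2b_hex(ldap_samba_nt_password))
# decode so Python 3 prints plain text rather than b'...'
print(b64_hash.decode("ascii"))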
which takes sambaNTPassword as an argument and prints unicodePwd on
standard out. Write that to Samba4 with ldbmodify:
# ldbmodify -H /whatever/private/sam.ldb --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
dn: CN=$name,CN=Users,DC=....
changetype: modify
replace: unicodePwd
unicodePwd:: <value from python script>
-
EOF
I used this technique for about 2000 users with no problems.
Steve
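
The conversion described in the message above, extended to a batch of users, as an added example that is not part of the original post. It validates each sambaNTPassword before encoding and emits one LDIF modify record per user. The function names, DNs and hash values are constructed for illustration, and DNs are assumed to be plain ASCII.

```python
#!/usr/bin/env python3
"""Build an ldbmodify LDIF that sets unicodePwd from sambaNTPassword hashes."""
import base64
import binascii
import re

# An NT hash is 16 bytes, so sambaNTPassword must be exactly 32 hex digits.
NT_HASH_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


def nt_hex_to_unicodepwd(hex_hash):
    """Return the base64 value for a 'unicodePwd::' line, or raise ValueError."""
    hex_hash = hex_hash.strip()
    if not NT_HASH_RE.match(hex_hash):
        raise ValueError("not a 32-digit hex NT hash")
    return base64.b64encode(binascii.a2b_hex(hex_hash)).decode("ascii")


def build_ldif(users):
    """users: iterable of (dn, sambaNTPassword). Returns (ldif_text, rejected_dns)."""
    records, rejected = [], []
    for dn, hex_hash in users:
        try:
            value = nt_hex_to_unicodepwd(hex_hash)
        except ValueError:
            rejected.append(dn)  # missing or malformed hash: do not write it
            continue
        records.append(
            "dn: %s\nchangetype: modify\nreplace: unicodePwd\n"
            "unicodePwd:: %s\n-\n" % (dn, value)
        )
    # A blank line separates LDIF records.
    return "\n".join(records), rejected


# Constructed sample data: these DNs and hash values are made up.
SAMPLE_USERS = [
    ("CN=alice,CN=Users,DC=example,DC=com", "00112233445566778899aabbccddeeff"),
    ("CN=bob,CN=Users,DC=example,DC=com", "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"),
    ("CN=carol,CN=Users,DC=example,DC=com", ""),
]

if __name__ == "__main__":
    ldif, rejected = build_ldif(SAMPLE_USERS)
    print(ldif)
    for dn in rejected:
        print("# skipped (no valid NT hash): %s" % dn)
```

The resulting LDIF is what the ldbmodify command in the message reads on standard input. NT hashes are password-equivalent, so keep any file holding this output readable by root only and delete it after the import.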