lukas at dcs.qmul.ac.uk
Thu Sep 9 10:52:27 MDT 2010
On 09/09/2010 05:43 PM, Matthias Dieter Wallnöfer wrote:
> Hi Lukasz,
> yeah - now it's fine.
> Btw: Luke, metze, should we include this in our source tree?
I'm fine with it, but its really metzes call :). There are few things
to clean up, and few things marked TODO (such as domain trusts import).
I have another version of that script (with the ability to remove
attributes after they have been processed).
P.S. I will be using this script to do our ldap -> s4 migration very soon
> Lukasz Zalewski wrote:
>> On 08/20/2010 08:46 PM, Lukasz Zalewski wrote:
>>> On 20/08/2010 17:06, Matthias Dieter Wallnöfer wrote:
>>>> Hi Lukasz,
>>>> Lukasz Zalewski wrote:
>>>>> Hi Matthias,
>>>>> On 08/20/2010 06:55 AM, Matthias Dieter Wallnöfer wrote:
>>>>> Yup the account is non-functional, but what confused me was it didn't
>>>>> have the diabled account flag set. So my question is shall the script
>>>>> explicitly set disabled flag if no hashes are present (or no NT has is
>>>>> present) or shall we leave it as it is
>>>> Well, I would suggest it since at least Windows Server allows accounts
>>>> without passwords only with the disabled flag (you cannot enable an
>>>> account without any password). On the other hand s4 doesn't implement
>>>> this check yet, I think. So it' up to you what you prefer.
>>> Ok i will set account disabled flag on user account if NTLM hash is
>>>>> The script is intended to import hashes, rather than plain texp pwds
>>>>> (or no passwords) so i believe metze's way is the only way ;)
>>>> Yeah, please do that.
>> Matthias, Metze, all
>> Now if unicodePwd element is missing account automatically has
>> disabled flag set. This only applies to users at the moment.
>> Patch attached
More information about the samba-technical