[Samba] Re: Yet Another LDAP Question
Paul Gienger
pgienger at ae-solutions.com
Mon Apr 26 21:24:04 GMT 2004
The UNIX passwords are stored with one-way encryption, so unless you
want to brute force them all, there's really no good way to get them
from the system. If you have their passwords stored in samba someplace
already, like tdbsam or smbpasswd, then you can use the pdbedit command
with import and export flags to move the accounts over to ldap. I did
this with my 2.2.8a smbpasswd file for testing. In that case I pulled
my line out into a temporary passwd file on my testbox and ran something
like
pdbedit --import=smbpasswd --export=ldap
and my user gained the new object class and also had the password set.
I would imagine you can do the same with tdbsam, although not on a
user-by user basis like I did, but that was for testing anyway.
Michal Kurowski wrote:
>Paul Gienger [pgienger at ae-solutions.com] wrote:
>
>
>>I believe the README is out of date. Their website says that something
>>like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
>>just fine making only configuration changes like server locations,
>>containers, and domain SID. I did have to hack one script for my
>>purposes, but that was only because my primary ldap server is over a
>>greater-latency-than-local-lan link and replication takes a couple seconds.
>>
>>
>>
>
>It relates to my last question: is there any way to for unix->NT
>password conversion ?
>
>I need to create ntAccounts from my shadow passwords (crypt-ed) in the
>Ldap server. It seems there's no supported way but two problems emerge
>in here:
>
>1) you have to ask lots of people to type their passwords again
>2) you have no control maintain same password policy
>
>Cheers,
>
>
>
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger at ae-solutions.com
More information about the samba
mailing list