[Samba] Re: Yet Another LDAP Question

Paul Gienger pgienger at ae-solutions.com
Mon Apr 26 21:24:04 GMT 2004

The UNIX passwords are stored with one-way encryption, so unless you 
want to brute force them all, there's really no good way to get them 
from the system.  If you have their passwords stored in samba someplace 
already, like tdbsam or smbpasswd, then you can use the pdbedit command 
with import and export flags to move the accounts over to ldap.  I did 
this with my 2.2.8a smbpasswd file for testing.  In that case I pulled 
my line out into a temporary passwd file on my testbox and ran something 
    pdbedit --import=smbpasswd --export=ldap
and my user gained the new object class and also had the password set.  
I would imagine you can do the same with tdbsam, although not on a 
user-by-user basis like I did, but that was for testing anyway.

Michal Kurowski wrote:

>Paul Gienger [pgienger at ae-solutions.com] wrote:
>>I believe the README is out of date.  Their website says that something 
>>like .80 and up work on 3.x.  I have used .84 to populate a 3.0.2 server 
>>just fine making only configuration changes like server locations, 
>>containers, and domain SID.  I did have to hack one script for my 
>>purposes, but that was only because my primary ldap server is over a 
>>greater-latency-than-local-lan link and replication takes a couple seconds.
>It relates to my last question: is there any way to do unix->NT
>password conversion?
>I need to create ntAccounts from my shadow passwords (crypt-ed) in the
>Ldap server. It seems there's no supported way but two problems emerge
>in here:
>1) you have to ask lots of people to type their passwords again
>2) you have no control to maintain the same password policy

Paul Gienger                     Office:		701-281-1884
Applied Engineering Inc.         Cell:			701-306-6254
Information Systems Consultant   Fax:			701-281-1322
URL: www.ae-solutions.com        mailto:pgienger at ae-solutions.com
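
An added example, not part of the original post: a Python helper for the "pull one line out into a temporary file" step described above, which also checks that the entry actually carries an NT hash before it is handed to pdbedit. It assumes the classic smbpasswd layout name:uid:LM hash:NT hash:[flags]:LCT-time:; the function names and the sample entries are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed sample entries in the classic smbpasswd layout (assumed here):
#   name:uid:LM hash:NT hash:[flags]:LCT-time:
SAMPLE = [
    "# constructed sample data, not real hashes\n",
    "alice:1001:0123456789ABCDEF0123456789ABCDEF:"
    "FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-408D7F00:\n",
    "bob:1002:" + "X" * 32 + ":" + "X" * 32 + ":[DU         ]:LCT-00000000:\n",
]
HASH_RE = re.compile(r"[0-9A-Fa-f]{32}")

def parse_entry(line):
    """Split one smbpasswd line into its named fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 6:
        raise ValueError("not an smbpasswd entry: %r" % line)
    name, uid, lm, nt, flags, lct = fields[:6]
    return {"name": name, "uid": int(uid), "lm": lm, "nt": nt,
            "flags": flags.strip("[] "), "lct": lct}

def has_nt_hash(entry):
    """True only for 32 hex digits; X-filled fields hold no password."""
    return HASH_RE.fullmatch(entry["nt"]) is not None

def extract_user(lines, username, dest_dir):
    """Copy one user's entry to a new owner-only file; return its path."""
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        entry = parse_entry(line)
        if entry["name"] != username:
            continue
        if not has_nt_hash(entry):
            raise ValueError("%s has no NT hash to migrate" % username)
        path = os.path.join(dest_dir, "smbpasswd." + username)
        # The hashes are password-equivalent: create the file 0600 and
        # refuse to reuse an existing one (O_EXCL); delete it after import.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as out:
            out.write(line)
        return path
    raise KeyError(username)

if __name__ == "__main__":
    print(extract_user(SAMPLE, "alice", tempfile.mkdtemp()))
```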
