[Samba] smbpasswd to LDAP

Thu Mar 17 17:39:31 GMT 2005

Quoting Luca Olivetti <luca at wetron.es>:

> Matt Lung wrote:
> > Is there a way to take users samba passwords from an old 2.x Samba server,
> and
> > insert them into a new 3.x Samba server that using an LDAP backend?  The
> new
> > server is already populated with all users and groups in LDAP and is
> currently
> > on a test network.  All that is needed is the users samba passwords from
> the
> > old server that is using the smbpasswd file.
>
> If there aren't samba attributes in ldap you can use
>
> pdbedit -i smbpasswd:<smbpasswd-file-path>
>
> If there are already samba attributes this won't work.
>
> What I did was:

Hmm... I don't think that will work for us here.  Our users have been migrated
out of the passwd and shadow file on the old server for a while now.  Their
account info (except their samba password) has lived in LDAP for a few years
now.  I'm just trying to avoid having to change all the users passwords on the
new server and having a big mess.  I'd like it to be very transparent.  I guess
if what I'm asking is impossible at this point I'm sort of heading towards the
mess.  My question is Shouldn't I somehow be able to insert samba passwords into
the LDAP database and move on?  Or is it just past that point now?

When I change my password on the new server I know it is changing the
sambaLMPassword attribute. So how is the migrate tool setting that from the
sambapasswd file when someone is migrating?

> - clean the ldap database (easy here since I was just testing)
> - smbldap-populate -k 0 -a root
> - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine
> - remove all machine accounts, system groups and other users/groups you
> don't in ldap from all these files
>
> at this point, if you have special characters (like, á, é, í, etc.) in
> your files, you'll have to make somewhat a cleaned-up copy, since the
> idealx tools don't work with non us-ascii characters
>
> -temporarily add users in /etc/passwd of the new machine
> -pdbedit -i smbpasswd:<smbpasswd-file>
> -remove the users previously added to /etc/passwd
> -smbldap-migrate-passwd -d account -a -P <your cleansed passwd file> -S
> <your shadow file>
> -smbldap-migrate-group -a -G <your cleansed group file>
>
>
> What I done may be totally wrong, YMMV, etc., but it seems it has worked
> fine so far.
> Bye
> --
> Luca Olivetti
> Wetron Automatización S.A. http://www.wetron.es/
> Tel. +34 93 5883004      Fax +34 93 5883007
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.