[Samba] ldap smbpasswd automation (anyway around smbpasswd)

Logan Shaw lshaw at emitinc.com
Fri Jul 21 17:40:40 GMT 2006


On Fri, 21 Jul 2006, oly wrote:
> okay managed to get accounts working by running smbpasswd username then
> entering there password,
>
> is there anyway i can make it use ldap or fill in the list from ldap, i
> have about 80 users in there and need to add about 800 more i do not
> want to sit and enter the password for around 900 users must be an
> easier way?
>
> it was very easy  to get the accounts into ldap beacause i generated the
> ldifs from a userlist using calc.

Do you have smb.conf pointing at an LDAP server for the user
database, with a "passdb backend" directive?  If so, then
you've probably got the configuration right and all you need
is a tool to populate the LDAP database.

There is a set of Perl scripts called smbldap-tools that
is bundled with Samba; this works pretty well for creating
accounts and so on.  "smbldap-useradd -a someuser" will add
someuser to the Samba user list (and to the Unix user list
as well; I believe the tool can handle it if the Unix user
already exists in LDAP).

As for the passwords, if you have the plaintext passwords in
a database, you can pipe them into smbldap-passwd and it will
change them.  For example:

 	#! /bin/sh

 	while read user pass
 	do
 	    {
 	    echo "$pass"
 	    echo "$pass"
 	    } | /path/to/smbldap-passwd "$user"
 	done << END_OF_DATA
 	joebob	joepass
 	jimbob	jimpass
 	END_OF_DATA

If you don't have the plaintext passwords, unfortunately
there is no way to recover them from the crypt()ed versions
in /etc/shadow or similar and convert them to Windows format.

   - Logan


More information about the samba mailing list