[Samba] ldap smbpasswd automation (anyway around smbpasswd)
Logan Shaw
lshaw at emitinc.com
Fri Jul 21 17:40:40 GMT 2006
On Fri, 21 Jul 2006, oly wrote:
> okay managed to get accounts working by running smbpasswd username then
> entering there password,
>
> is there anyway i can make it use ldap or fill in the list from ldap, i
> have about 80 users in there and need to add about 800 more i do not
> want to sit and enter the password for around 900 users must be an
> easier way?
>
> it was very easy to get the accounts into ldap beacause i generated the
> ldifs from a userlist using calc.
Do you have smb.conf pointing at an LDAP server for the user
database, with a "passdb backend" directive? If so, then
you've probably got the configuration right and all you need
is a tool to populate the LDAP database.
There is a set of Perl scripts called smbldap-tools that
is bundled with Samba; this works pretty well for creating
accounts and so on. "smbldap-useradd -a someuser" will add
someuser to the Samba user list (and to the Unix user list
as well; I believe the tool can handle it if the Unix user
already exists in LDAP).
As for the passwords, if you have the plaintext passwords in
a database, you can pipe them into smbldap-passwd and it will
change them. For example:
#! /bin/sh
while read user pass
do
{
echo "$pass"
echo "$pass"
} | /path/to/smbldap-passwd "$user"
done << END_OF_DATA
joebob joepass
jimbob jimpass
END_OF_DATA
If you don't have the plaintext passwords, unfortunately
there is no way to recover them from the crypt()ed versions
in /etc/shadow or similar and convert them to Windows format.
- Logan
More information about the samba
mailing list