[Samba] Re: change ldap accounts to samba ldap accounts

paul kölle paul at subsignal.org
Thu Apr 19 08:23:44 GMT 2007


James Tran wrote:
> Hi i've got a situation where i need to add samba support to every
> acccount in my ldap database.
> I already have an ldap database populated with a couple hundred users
> and need to be able to use the same password they use for their login as
> for their samba accounts.
> Is there anyway to add all the samba attributes to their ldap accounts
> and also migrate their passwords from the standard md5 unix passwords to
> sambaLM and sambaNT password like via script or something?
Yes and No. You can manually add the required attributes from
samba.schema with ldapmodify or something similar. You cannot convert
the md5 hash, hashes are one-way that's the point of having them.

> To make things short.
> I want all my existing ldap users to have a single password in ldap
> without having to do a "smbpasswd -a username" for every account
You need all three attributes (userPassword, sambaLM..., sambaNT...),
samba can update the unix password if users change the password from
windows clients (sync ldap password = yes, OTOH). If you don't want to
have new passwords you'd need access to the cleartext passwords or
require users to change their password and intercept this to get the pw...

cheers
 Paul



More information about the samba mailing list