[Samba] Re: change ldap accounts to samba ldap accounts

James Tran james at nttmcl.com
Thu Apr 19 16:15:55 GMT 2007


paul kölle wrote:
> James Tran wrote:
>
>> Hi, I've got a situation where I need to add samba support to every
>> account in my ldap database.
>> I already have an ldap database populated with a couple hundred users
>> and need to be able to use the same password they use for their login as
>> for their samba accounts.
>> Is there any way to add all the samba attributes to their ldap accounts
>> and also migrate their passwords from the standard md5 unix passwords to
>> sambaLM and sambaNT password like via script or something?
>>
> Yes and No. You can manually add the required attributes from
> samba.schema with ldapmodify or something similar. You cannot convert
> the md5 hash, hashes are one-way that's the point of having them.
>
>   
>> To make things short.
>> I want all my existing ldap users to have a single password in ldap
>> without having to do a "smbpasswd -a username" for every account
>>     
> You need all three attributes (userPassword, sambaLM..., sambaNT...),
> samba can update the unix password if users change the password from
> windows clients (sync ldap password = yes, OTOH). If you don't want to
> have new passwords you'd need access to the cleartext passwords or
> require users to change their password and intercept this to get the pw...
>
> cheers
>  Paul
>
>
OK, since I can't do that stuff, I have another idea.

The passdb.tdb file has all the samba passwords, right?
Is there a way I can transfer the passwords from there into an ldap 
directory easily for users?
I'm obviously trying to take the most lazy route for things, but that's 
what being a sysadmin is about, right?

That, and is there a way to just populate all the users in an ldap ou 
with the ldap schema without having to touch every entry?
Like, for instance, I have an ou=People that I want all the entries in 
there to automatically gain the attributes of a SambaSamAccount, with the 
exception of a password, 'cause obviously I need to do that some other 
way. Anything like that?
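
The bulk change asked about above, as an added example that is not part of the original thread: it reads an LDIF export of ou=People and emits one ldapmodify record per posixAccount entry, adding the sambaSamAccount class and a sambaSID but no password hashes. Assumptions: the domain SID is a placeholder, the example.com entries are constructed, the RID uses Samba's default algorithmic mapping (uidNumber * 2 + 1000), and marking the accounts disabled is this example's choice.

```python
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # placeholder; take yours from `net getlocalsid`
RID_BASE = 1000  # Samba's default "algorithmic rid base"
# Constructed sample of an `ldapsearch -LLL` export of ou=People (plain values, no base64).
SAMPLE_EXPORT = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 1001

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: bob
uidNumber: 1002
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3004

dn: ou=People,dc=example,dc=com
objectClass: organizationalUnit
ou: People
"""

def parse_entries(ldif):
    """Yield entries as {lowercased attribute: [values]}, joining folded lines."""
    for block in ldif.replace("\n ", "").strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        if "dn" in entry:
            yield entry

def samba_modify_ldif(export, domain_sid=DOMAIN_SID):
    """Modify records for posixAccount entries that are not yet sambaSamAccount."""
    records = []
    for e in parse_entries(export):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" not in classes or "sambasamaccount" in classes:
            continue  # skip the OU itself and users already converted
        rid = int(e["uidnumber"][0]) * 2 + RID_BASE  # algorithmic RID for a user
        flags = "[" + "DU".ljust(11) + "]"  # disabled until a real password is set
        records.append("\n".join([
            f"dn: {e['dn'][0]}", "changetype: modify",
            "add: objectClass", "objectClass: sambaSamAccount", "-",
            "add: sambaSID", f"sambaSID: {domain_sid}-{rid}", "-",
            "add: sambaAcctFlags", f"sambaAcctFlags: {flags}", "-"]))
    return "\n\n".join(records) + "\n"  # no sambaLMPassword/sambaNTPassword: MD5 cannot yield them

print(samba_modify_ldif(SAMPLE_EXPORT), end="")
```

Review the generated LDIF before feeding it to ldapmodify; the sambaLM and sambaNT hashes still have to be written when each user next sets a password, as Paul's reply explains.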


