[Samba] Preparing Unix LDAP Accounts for Samba use
Cardon Denis
denis.cardon at tranquilitsystems.com
Tue Jan 9 13:21:26 GMT 2007
Hi Alexander,
> Alright, thanks to your help, this seems to work now :)
>
> The actual problem is the LDAP Backend now, since there are about 800 student
> accounts and I've only added a few (by hand) with sambaSamAccount
> objectClasses in order to test the case.
>
> How can I add the samba specific options to all user accounts and possible
> even use the unix passwords (I know they cannot be reverted to clear text and
> therefore there is no way of creating a samba hash that way).
>
I used smbldap tools (http://freshmeat.net/projects/smbldap-tools/) to
configure 150 user accounts a few month ago from a CSV file (a simple
awk script should do the job). You pointed the fact that it is not
possible to revert the crypt hash from /etc/shadow, however a brute
force/ dictionary attack on your /etc/shadow should let you get most of
the password anyway since the average password quality is usually very
very low (unless you have set up a strict password setting policy of
course, and in this case, you just have to look for post-it all over the
place :-).
Smbldaptool can be mostly scripted. However, in order to set default
passwords, you'll have to use Expect (http://expect.nist.gov/) since
smbldap-passwd is interactive.
Cheers,
Denis
> If there is any further assistance I would appreciate it very much :)
>
>
--
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0) 2.41.67.56.99
fax : +33 (0) 2.40.56.09.81
mob : +33 (0) 6 81 66 27 62
http://www.tranquil-it-systems.fr
More information about the samba
mailing list