[Samba] Preparing Unix LDAP Accounts for Samba use

Cardon Denis denis.cardon at tranquilitsystems.com
Tue Jan 9 13:21:26 GMT 2007

Hi Alexander,
> Alright, thanks to your help, this seems to work now :)
> The actual problem is the LDAP Backend now, since there are about 800 student 
> accounts and I've only added a few (by hand) with sambaSamAccount 
> objectClasses in order to test the case.
> How can I add the samba specific options to all user accounts and possible 
> even use the unix passwords (I know they cannot be reverted to clear text and 
> therefore there is no way of creating a samba hash that way).
I used smbldap tools (http://freshmeat.net/projects/smbldap-tools/) to 
configure 150 user accounts a few month ago from a CSV file (a simple 
awk script should do the job). You pointed the fact that it is not 
possible to revert the crypt hash from /etc/shadow, however  a brute 
force/ dictionary attack on your /etc/shadow should let you get most of 
the password anyway since the average password quality is usually very 
very low (unless you have set up a strict password setting policy of 
course, and in this case, you just have to look for post-it all over the 
place :-).

Smbldaptool can be mostly scripted. However, in order to set default 
passwords, you'll have to use Expect (http://expect.nist.gov/) since 
smbldap-passwd is interactive.



> If there is any further assistance I would appreciate it very much :)
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0)
fax : +33 (0)
mob : +33 (0) 6 81 66 27 62

More information about the samba mailing list