[Samba] Preparing Unix LDAP Accounts for Samba use

Cardon Denis denis.cardon at tranquilitsystems.com
Tue Jan 9 13:21:26 GMT 2007


Hi Alexander,
> Alright, thanks to your help, this seems to work now :)
>
> The actual problem is the LDAP Backend now, since there are about 800 student 
> accounts and I've only added a few (by hand) with sambaSamAccount 
> objectClasses in order to test the case.
>
> How can I add the samba specific options to all user accounts and possible 
> even use the unix passwords (I know they cannot be reverted to clear text and 
> therefore there is no way of creating a samba hash that way).
>   
I used smbldap tools (http://freshmeat.net/projects/smbldap-tools/) to 
configure 150 user accounts a few month ago from a CSV file (a simple 
awk script should do the job). You pointed the fact that it is not 
possible to revert the crypt hash from /etc/shadow, however  a brute 
force/ dictionary attack on your /etc/shadow should let you get most of 
the password anyway since the average password quality is usually very 
very low (unless you have set up a strict password setting policy of 
course, and in this case, you just have to look for post-it all over the 
place :-).

Smbldaptool can be mostly scripted. However, in order to set default 
passwords, you'll have to use Expect (http://expect.nist.gov/) since 
smbldap-passwd is interactive.

Cheers,

Denis

> If there is any further assistance I would appreciate it very much :)
>
>   
-- 
Denis Cardon
Tranquil IT Systems
10 rue du Docteur Bouchard
49400 Saumur
tel : +33 (0) 2.41.67.56.99
fax : +33 (0) 2.40.56.09.81
mob : +33 (0) 6 81 66 27 62
http://www.tranquil-it-systems.fr




More information about the samba mailing list