[Samba] Preparing Unix LDAP Accounts for Samba use
Alexander Schaber
lists at alexanderschaber.de
Tue Jan 9 14:37:03 GMT 2007
Am Dienstag, 9. Januar 2007 14:21 schrieben Sie:
> Hi Alexander,
>
> > Alright, thanks to your help, this seems to work now :)
> >
> > The actual problem is the LDAP Backend now, since there are about 800
> > student accounts and I've only added a few (by hand) with sambaSamAccount
> > objectClasses in order to test the case.
> >
> > How can I add the samba specific options to all user accounts and
> > possible even use the unix passwords (I know they cannot be reverted to
> > clear text and therefore there is no way of creating a samba hash that
> > way).
>
> I used smbldap tools (http://freshmeat.net/projects/smbldap-tools/) to
> configure 150 user accounts a few month ago from a CSV file (a simple
> awk script should do the job).
Did you create new users or added samba options for those users?
> You pointed the fact that it is not possible to revert the crypt hash
> from /etc/shadow, however a brute force/ dictionary attack on
> your /etc/shadow should let you get most of
> the password anyway since the average password quality is usually very
> very low (unless you have set up a strict password setting policy of
> course, and in this case, you just have to look for post-it all over the
> place :-).
Well with LDAP handling all the unix accounts I don't really have
a /etc/shadow ..
> Smbldaptool can be mostly scripted. However, in order to set default
> passwords, you'll have to use Expect (http://expect.nist.gov/) since
> smbldap-passwd is interactive.
Thanks for the hint :)
Talking of smbldap tools:
server:~ # smbldap-usermod --help
<snip>
Usage: smbldap-usermod [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
<snip>
-a add sambaSAMAccount objectclass
<snip>
That's nearly just what I've been looking for :)
> Cheers,
>
> Denis
>
> > If there is any further assistance I would appreciate it very much :)
--
Greetings
Alexander Schaber
More information about the samba
mailing list