[Samba] Preparing Unix LDAP Accounts for Samba use

Alexander Schaber lists at alexanderschaber.de
Tue Jan 9 14:37:03 GMT 2007

Am Dienstag, 9. Januar 2007 14:21 schrieben Sie:
> Hi Alexander,
> > Alright, thanks to your help, this seems to work now :)
> >
> > The actual problem is the LDAP Backend now, since there are about 800
> > student accounts and I've only added a few (by hand) with sambaSamAccount
> > objectClasses in order to test the case.
> >
> > How can I add the samba specific options to all user accounts and
> > possible even use the unix passwords (I know they cannot be reverted to
> > clear text and therefore there is no way of creating a samba hash that
> > way).
> I used smbldap tools (http://freshmeat.net/projects/smbldap-tools/) to
> configure 150 user accounts a few month ago from a CSV file (a simple
> awk script should do the job). 

Did you create new users or added samba options for those users?

> You pointed the fact that it is not possible to revert the crypt hash
> from /etc/shadow, however  a brute force/ dictionary attack on
> your /etc/shadow should let you get most of 
> the password anyway since the average password quality is usually very
> very low (unless you have set up a strict password setting policy of
> course, and in this case, you just have to look for post-it all over the
> place :-).

Well with LDAP handling all the unix accounts I don't really have 
a /etc/shadow .. 

> Smbldaptool can be mostly scripted. However, in order to set default
> passwords, you'll have to use Expect (http://expect.nist.gov/) since
> smbldap-passwd is interactive.

Thanks for the hint :)

Talking of smbldap tools:

server:~ # smbldap-usermod --help
Usage: smbldap-usermod [-OPTIONS [-MORE_OPTIONS]] [--] [PROGRAM_ARG1 ...]
  -a    add sambaSAMAccount objectclass

That's nearly just what I've been looking for :)

> Cheers,
> Denis
> > If there is any further assistance I would appreciate it very much :)

 Alexander Schaber

More information about the samba mailing list