[Samba] exported LDAP DB > file > smbpasswd?

Fri May 25 08:17:00 MDT 2012

I understand what you are trying to accomplish.

However I do not know which LDAP field is used for the "pGina"
password-  I believe it is "userPassword" but I am not sure.

If seems to me you have three options

1.  Crack the unix passwords so you can create matching windows passwords.
2.  Configure Samba and your Windows clients to use plain text
authentication so that your "unix" passwords can be used for authentication.
3.  Prior to switching users to samba, have them create their "samba"
passwords.  Or you may have to set an initial password for each user. 

If I were to try to have users set their samba passwords, I would
probably try to set up a web page that validates their login against the
current non-samba password (Plaintext auth over SSL encryption ) , then
passes the password and user name to a script to set their samba password. 

It would be simpler if the Windows machines were in a Samba domain - but
that may be tricky to do. 

On 05/25/12 09:57, aurfalien wrote:
> I am using pGina for authing, correct.
>
> But when I map drive shares, I'll need some kind of authing mechanism.
>
> My desire was this;
>
> Since I already auth the user during there pGina login to Windows, I did not want to auth again for drive mapping to a Samba server.
>
> But... since this SSO doesn't carry through to Samba as the Samba file server does not know who this person is requesting a drive map, they will need to input credentials.
>
> What I would really LOVE is this;
>
> Since authing has already been taking care of during log in, to be able to map a drive as that user w/o needing the input a password.
>
> This way whatever they touch on the server will maintain there UID/GID or UGO rather.
>
> This in effect will make Samba act as NFS in a way with regards to security (who are you and what are you allowed to do).
>
> - aurf
>
>
>
>
> On May 25, 2012, at 9:44 AM, Gaiseric Vandal wrote:
>
>> pbdedit will export the "Windows" password from the "SambaNTPassword"
>> field (won't it?)
>>
>> My understanding was the pGina was using the unix password in the
>> "userPassword"  field?    Or am I wrong?
>>
>>
>>
>>
>> On 05/25/12 09:36, aurfalien wrote:
>>> Now thats brilliant, elegant and simple.
>>>
>>> Thanks Collen, looking forward to trying it.
>>>
>>> - aurf
>>> On May 25, 2012, at 2:31 AM, Collen wrote:
>>>
>>>> Hi,
>>>>
>>>> why not export with pdbedit and then import it again ?!
>>>> no converting needed... (except for smb.conf that is.)
>>>>
>>>> cheers.
>>>>
>>>> On 25-5-2012 0:01, Gaiseric Vandal wrote:
>>>>> Just what is in the documentation on samba.org.
>>>>>
>>>>> Anything involving plain-text authentication seems to be discouraged.
>>>>>
>>>>>
>>>>>
>>>>> On 05/24/12 17:56, aurfalien wrote:
>>>>>>> On 05/24/12 16:25, aurfalien wrote:
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> I am using OpenLDAP and over have ~800 users in its DB.
>>>>>>>>
>>>>>>>> I would like to simply use Samba as a file server, no PDC.
>>>>>>>>
>>>>>>>> I have been able to export my LDAP DB to a file containing hashes of users passwords.
>>>>>>>>
>>>>>>>> Is there a way I can import this file to smbpasswd or other file that Samba understands so that my 800 some odd users won't have to re register there passwords?
>>>>>>>>
>>>>>>>> I would really love to avoid having 800 annoyed users retyping there passwords for accessing shares.
>>>>>>>>
>>>>>>>> I have them currently authenticating on Windows via an LDAP client (pGina).
>>>>>>>>
>>>>>>>> - aurf
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>> -- 
>>>> ---
>>>> Collen Blijenberg - systeem/netwerk beheerder
>>>>
>>>> -- 
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba