[Samba] Samba file server using ldap backend without AD or PDC?
bgold at simons-rock.edu
Fri Nov 30 14:11:08 MST 2012
On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:
> So when you run pdbedit -Lv for a user, is the "Unix user" name an
> account in ldap? If that is the case, then you probably just want to
> have a script that runs thru a list of user names and then
> runs ldapmodify to add the appropriate samba attributes. In theory
> you can use pdbedit to export the data, then change the backend, then
> import it back. I found that didn't quite work.
>
> I had originally used nis backend for unix accounts and TDB backend
> for samba. I moved from NIS to LDAP for unix accounts. Then when I
> added a BDC I moved the samba data into ldap. I had used smbpasswd
> to dump the data to a text file, then wrote a perl script to parse
> the file into user name, samba SID, and samba password and then rewrite
> it into an ldapmodify ldif file. I used this file to update the
> existing LDAP accounts.
>
> You MAYBE can use smbpasswd or pdbedit to create the samba accounts
> in LDAP but I suspect that either it won't preserve the existing
> password OR it may refuse to create the account.
Here is the output for that same user when I do a pdbedit. The "unix
username" is being pulled from ldap.
pdbedit -Lv testaff
Unix username: testaff
Account Flags: [U ]
User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID: S-1-5-21-2531268310-2106678637-3833209162-513
Full Name: Test Staff
Home Directory: \\elephant\testaff
Profile Path: \\elephant\testaff\profile
Logon time: 0
Logoff time: never
Kickoff time: never
Password last set: Fri, 27 Jun 2008 16:50:45 EDT
Password can change: Fri, 27 Jun 2008 16:50:45 EDT
Password must change: never
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Worth a try I guess.

As it is, I'm planning on totally scrapping this existing samba file
server when we move to using ldap passwords. The only things that need
to carry over are the files on the file server itself. I'm totally fine
with not using any of the data that is in tdb currently.

Is there a way to autogenerate the samba SID (since I don't necessarily
need the one that is being used in my current samba file server) and
whatever other samba fields might be needed for all of my existing ldap
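
Added example, not part of the original message and not Samba's own code: a Python sketch of the conversion described in the quoted reply (an smbpasswd-format dump rewritten as an ldapmodify LDIF), with the SID generated instead of carried over. The domain SID, base DN, uid-named entries and the uid*2+1000 RID rule are assumptions, and the sample lines are constructed.

```python
import re

# Constructed sample in smbpasswd text format: user:uid:LM:NT:[flags]:LCT-hex:
# Hashes are made-up placeholders. Real ones are password-equivalent secrets.
SAMPLE = (
    "testaff:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"
    "0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-50000000:\n"
    "nopass:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"
    "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[DU         ]:LCT-00000000:\n"
    "bad,name=x:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:"
    "0123456789ABCDEF0123456789ABCDEF:[U          ]:LCT-50000000:\n"
)
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # placeholder value
BASE_DN = "ou=People,dc=example,dc=edu"                    # assumed layout
HEX32 = re.compile(r"[0-9A-Fa-f]{32}")
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # keeps DN/LDIF metacharacters out

def parse_smbpasswd(text):
    """Return dicts for lines that have a safe name, numeric uid and NT hash."""
    accounts = []
    for line in text.splitlines():
        f = line.split(":")
        if len(f) < 6 or not SAFE_NAME.fullmatch(f[0]) or not f[1].isdigit():
            continue
        if not HEX32.fullmatch(f[3]) or not re.fullmatch(r"\[[A-Za-z ]+\]", f[4]):
            continue  # no NT hash stored, or a malformed flags field
        lct = re.fullmatch(r"LCT-([0-9A-Fa-f]{8})", f[5])
        accounts.append({"user": f[0], "uid": int(f[1]), "nt": f[3].upper(),
                         "flags": f[4], "lct": int(lct.group(1), 16) if lct else 0})
    return accounts

def to_ldif(acct, domain_sid=DOMAIN_SID, base_dn=BASE_DN):
    """Build an ldapmodify record adding Samba attributes to an existing entry."""
    rid = acct["uid"] * 2 + 1000  # assumed: Samba's algorithmic uid-to-RID mapping
    attrs = [("objectClass", "sambaSamAccount"),
             ("sambaSID", f"{domain_sid}-{rid}"),
             ("sambaNTPassword", acct["nt"]),
             ("sambaAcctFlags", acct["flags"]),
             ("sambaPwdLastSet", str(acct["lct"]))]
    body = "\n-\n".join(f"add: {k}\n{k}: {v}" for k, v in attrs)
    return f"dn: uid={acct['user']},{base_dn}\nchangetype: modify\n{body}\n"

def convert(text):
    """One LDIF record per migratable account, separated by blank lines."""
    return "\n".join(to_ldif(a) for a in parse_smbpasswd(text))

if __name__ == "__main__":
    print(convert(SAMPLE))
```

The generated LDIF carries NT hashes, so it belongs in a file readable only by the operator and should be removed once ldapmodify has run.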