[Samba] Samba file server using ldap backend without AD or PDC?
Gaiseric Vandal
gaiseric.vandal at gmail.com
Fri Nov 30 16:09:53 MST 2012
On 11/30/12 16:11, Brian Gold wrote:
> On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:
>> So when you run pdbedit -Lv for a user, is the "Unix user" name an
>> account in ldap? If that is the case, then you probably just want to
>> have a script that runs thru a list of user names and then
>> runs ldapmodify to add the appropriate samba attributes. In theory
>> you can use pdbedit to export the data, then change the backend, then
>> import it back. I found that didn't quite work.
>>
>>
>> I had originally used nis backend for unix accounts and TDB backend
>> for samba. I moved from NIS to LDAP for unix accounts. Then when I
>> added a BDC I moved the samba data into ldap. I had used smbpasswd
>> to dump the data to a text file, then wrote a perl script to parse the
>> file into user name, samba SID, and samba password and then rewrite
>> it into an ldapmodify ldif file. I used this file to update the
>> existing LDAP accounts.
>>
>> You MAYBE can use smbpasswd or pdbedit to create the samba accounts
>> in LDAP but I suspect that either it won't preserve the existing
>> password OR it may refuse to create the account.
>>
>
> Here is the output for that same user when I do a pdbedit. The "unix
> username" is being pulled from ldap.
> pdbedit -Lv testaff
> Unix username: testaff
> NT username:
> Account Flags: [U ]
> User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
> Primary Group SID: S-1-5-21-2531268310-2106678637-3833209162-513
> Full Name: Test Staff
> Home Directory: \\elephant\testaff
> HomeDir Drive:
> Logon Script:
> Profile Path: \\elephant\testaff\profile
> Domain: ELEPHANT
> Account desc:
> Workstations:
> Munged dial:
> Logon time: 0
> Logoff time: never
> Kickoff time: never
> Password last set: Fri, 27 Jun 2008 16:50:45 EDT
> Password can change: Fri, 27 Jun 2008 16:50:45 EDT
> Password must change: never
> Last bad password : 0
> Bad password count : 0
> Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
>
>
>
> Worth a try I guess.
>
> As it is, I'm planning on totally scrapping this existing samba file
> server when we move to using ldap passwords. The only things that need
> to carry over are the files on the file server itself. I'm totally
> fine with not using any of the data that is in tdb currently.
> Is there a way to autogenerate the samba SID (since I don't
> necessarily need the one that is being used in my current samba file
> server) and whatever other samba fields might be needed for all of my
> existing ldap accounts?
If you write a script you could probably increment the SID for each
entry. The pdbedit and smbpasswd commands will create all the
necessary fields, including automatically creating a unique SID. But I
just don't know if it will complain the account already exists. I think it
won't complain the account exists (since not all the necessary fields
are there) BUT it will probably complain that the account could not be
created. I don't think you will know til you test it.
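
An added example, not part of the original thread or of Samba itself: one way to do the conversion discussed above, turning smbpasswd-format lines (as printed by `pdbedit -L -w`) into an `ldapmodify` LDIF that adds the Samba attributes to existing LDAP accounts. The `uid=<name>,<base_dn>` layout, the sequential RID starting at 3000, the placeholder domain SID and the sample lines are all assumptions.

```python
import re

# One account per line in smbpasswd format (what `pdbedit -L -w` prints):
#   name:uid:LM hash:NT hash:[flags]:LCT-<hex seconds>:
# The user-name pattern is deliberately narrow so nothing unexpected ends up in a DN.
LINE = re.compile(
    r"^(?P<user>[A-Za-z0-9._$-]+):\d+:[^:]{32}:(?P<nt>[^:]{32}):"
    r"\[(?P<flags>[^\]]*)\]:LCT-(?P<lct>[0-9A-Fa-f]{8}):"
)
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")

def to_ldif(lines, domain_sid, base_dn, first_rid=3000):
    """Return (ldif_text, skipped_names); RIDs are handed out sequentially."""
    records, skipped, rid = [], [], first_rid
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        m = LINE.match(raw)
        # X-filled or "NO PASSWORD" hash fields mean there is nothing to migrate.
        if not m or not HEX32.match(m["nt"]):
            skipped.append(raw.split(":", 1)[0])
            continue
        attrs = [
            ("objectClass", "sambaSamAccount"),
            ("sambaSID", f"{domain_sid}-{rid}"),
            ("sambaNTPassword", m["nt"].upper()),
            ("sambaAcctFlags", f"[{m['flags']}]"),
            ("sambaPwdLastSet", str(int(m["lct"], 16))),
        ]
        rec = [f"dn: uid={m['user']},{base_dn}", "changetype: modify"]
        for name, value in attrs:
            rec += [f"add: {name}", f"{name}: {value}", "-"]
        records.append("\n".join(rec))
        rid += 1
    return "\n\n".join(records) + "\n", skipped

# Constructed sample input; the hash is a made-up value, not a real credential.
SAMPLE = [
    "testaff:15782:" + "X" * 32 + ":" + "0123456789ABCDEF" * 2 + ":[U          ]:LCT-50000000:",
    "nopass:15783:" + "X" * 32 + ":" + "X" * 32 + ":[U          ]:LCT-00000000:",
]

if __name__ == "__main__":
    # Placeholder domain SID and base DN; the output holds password-equivalent
    # NT hashes, so keep the file as tightly restricted as the source dump.
    ldif, skipped = to_ldif(SAMPLE, "S-1-5-21-1111111111-2222222222-3333333333",
                            "ou=People,dc=example,dc=com")
    print(ldif)
    print("skipped:", skipped)
```

Accounts that come back in the skipped list have no usable NT hash or a name outside the allowed pattern and need to be handled by hand.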