[Samba] How to manage users with encrypted passwords
Rowland Penny
rowlandpenny at googlemail.com
Thu Jun 12 05:16:23 MDT 2014
On 12/06/14 11:54, Benjamin Rocton wrote:
> Hi,
>
> I do not really understand your question. What is the difference?
A great deal actually, samba4 can do anything that samba3 can do PLUS it
can be set up to be an Active Directory domain controller.
> I thought samba4 was necessarily an emulation of an AD DC. This is not
> the case?
Yes and no, see above response.
>
> I installed two Samba4 DC for tests:
> - One with the "samba-tool domain provision" (server role "dc" ldap
> internal).
> - And another with "samba-tool domain samba3upgrade ..." to import the
> data from the current Samba3.
>
Initially you only need one 'unprovisioned' samba4 AD DC and the command
to run is:
samba-tool domain classicupgrade
This should extract the info from your S3 PDC and provision S4.
I would suggest that you go and read the samba wiki, specifically this page:
https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
I would also hope that you are doing this in a test situation i.e. not
in production.
> The goal is to have a Samba4 AD DC.
>
> I do not know if I answered the question. Sorry.
Yes, you did, I hope my answers help you to get to your goal.
Rowland
>
> Benjamin
>
> Le 12/06/2014 12:21, Rowland Penny a écrit :
>> On 12/06/14 10:52, Benjamin Rocton wrote:
>>> Hello,
>>>
>>> I set up Samba4 to replace our Samba3. I am having problems to
>>> populate samba4 and automatically manage the lifecycle of users.
>>> All of our users are already in an LDAP directory and I would like
>>> to create a connector for "synchronised" LDAP users to Samba4.
>>> I thought to develop a script that would use Python libraries of
>>> Samba-tool.
>>>
>>> I have a problem to manage passwords.
>>> I can not have access to user passwords in clear text. But I can
>>> have it in any encrypted form.
>>> Are there a solution to push a Hash password to Samba4? If yes, what
>>> kind of Hash?
>>>
>>> In addition, where are stored the passwords in Samba4? Only in the
>>> LDAP? In kerberos? Elsewhere?
>>> In what form?
>>> I did not find any info on it.
>>>
>>> Thank you for your help.
>>>
>>> Regards,
>>> Benjamin
>>>
>> Hi, when you say 'I set up Samba4 to replace our Samba3.' just how
>> have you setup samba4 ? Have you used samba4 just like samba3 or have
>> you set up an AD DC ?
>>
>> Once you answer the above, I am sure that we can move on to help you
>> get to a working solution.
>>
>> Rowland
>
More information about the samba
mailing list