[Samba] How to manage users with encrypted passwords
Benjamin Rocton
Benjamin.Rocton at upmf-grenoble.fr
Thu Jun 12 05:46:52 MDT 2014
Thank you for your reply.
I read the wiki about classiqueupgrade (this is the same as samba3upgrade).
I have no problem to provision samba4 with classicupgrade. It works well
and I get my users.
My problem is "after". how I create new users, how do I delete old
users. I will not re-provision with "classicupgrade" every night for a
Samba4 updated.
And I do not want this to be done manually on Samba4. There are too many
changes.
In summary:
I have an LDAP repository (openldap) with a home regimen. It contains
all the users and their encrypted passwords.
I want to regularly update Samba4 with the information contained in the
LDAP.
I don't know if I'm clear. I don't speak English very well.
Benjamin
Le 12/06/2014 13:16, Rowland Penny a écrit :
> On 12/06/14 11:54, Benjamin Rocton wrote:
>> Hi,
>>
>> I do not really understand your question. What is the difference?
> A great deal actually, samba4 can do anything that samba3 can do PLUS
> it can be set up to be an Active Directory domain controller.
>
>> I thought samba4 was necessarily an emulation of an AD DC. This is
>> not the case?
>
> Yes and no, see above response.
>
>>
>> I installed two Samba4 DC for tests:
>> - One with the "samba-tool domain provision" (server role "dc" ldap
>> internal).
>> - And another with "samba-tool domain samba3upgrade ..." to import
>> the data from the current Samba3.
>>
>
> Initially you only need one 'unprovisioned' samba4 AD DC and the
> command to run is:
>
> samba-tool domain classicupgrade
>
> This should extract the info from your S3 PDC and provision S4.
>
> I would suggest that you go and read the samba wiki, specifically this
> page:
>
> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>
>
> I would also hope that you are doing this in a test situation i.e. not
> in production.
>
>> The goal is to have a Samba4 AD DC.
>>
>> I do not know if I answered the question. Sorry.
>
> Yes, you did, I hope my answers help you to get to your goal.
>
> Rowland
>>
>> Benjamin
>>
>> Le 12/06/2014 12:21, Rowland Penny a écrit :
>>> On 12/06/14 10:52, Benjamin Rocton wrote:
>>>> Hello,
>>>>
>>>> I set up Samba4 to replace our Samba3. I am having problems to
>>>> populate samba4 and automatically manage the lifecycle of users.
>>>> All of our users are already in an LDAP directory and I would like
>>>> to create a connector for "synchronised" LDAP users to Samba4.
>>>> I thought to develop a script that would use Python libraries of
>>>> Samba-tool.
>>>>
>>>> I have a problem to manage passwords.
>>>> I can not have access to user passwords in clear text. But I can
>>>> have it in any encrypted form.
>>>> Are there a solution to push a Hash password to Samba4? If yes,
>>>> what kind of Hash?
>>>>
>>>> In addition, where are stored the passwords in Samba4? Only in the
>>>> LDAP? In kerberos? Elsewhere?
>>>> In what form?
>>>> I did not find any info on it.
>>>>
>>>> Thank you for your help.
>>>>
>>>> Regards,
>>>> Benjamin
>>>>
>>> Hi, when you say 'I set up Samba4 to replace our Samba3.' just how
>>> have you setup samba4 ? Have you used samba4 just like samba3 or
>>> have you set up an AD DC ?
>>>
>>> Once you answer the above, I am sure that we can move on to help you
>>> get to a working solution.
>>>
>>> Rowland
>>
>
More information about the samba
mailing list