Hello Folks, In pour present Samba-3 setup we update user passwords in our LDAP backend. We only have access to the encrypted NTLM passwords and use Perl scripts to do this. Beyond importing the user database with the 'Classic upgrade' method, will we be able to adapt our Perl scripts so that we can keep updating the internal Samba-4 database with the encrypted passwords as we did with Samba-3? We've been using Samba for many years now and very much appreciate all the work done by the Samba team. Congrats on getting Samba-4 to stable status! Thank You!
Andrew Bartlett
2012-Dec-12 03:22 UTC
[Samba] Samba 4 LDAP NTLM password nightly injection
On Tue, 2012-12-11 at 21:48 -0500, Luc Lalonde wrote:> Hello Folks, > > In pour present Samba-3 setup we update user passwords in our LDAP backend. We only have access to the encrypted NTLM passwords and use Perl scripts to do this. > > Beyond importing the user database with the 'Classic upgrade' method, will we be able to adapt our Perl scripts so that we can keep updating the internal Samba-4 database with the encrypted passwords as we did with Samba-3? > > We've been using Samba for many years now and very much appreciate all the work done by the Samba team. Congrats on getting Samba-4 to stable status!Yes, you can continue to do that. The best approach would be to set it via the ldb python bindings, specifying the DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control and unicodePwd, or via the python or C passdb API. One approach you could code from is how we set the administrator password during the 'classicupgrade' script in source4/scripting/python/samba/upgrade.py. Give that a go, but if you need more clues I'm very happy to help out. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org