> ------------------------------
>
> Message: 13
> Date: Fri, 30 May 2003 12:06:28 +0200
> From: Jose Antonio Gómez Muñoz <jagomez@coam.org>
> Subject: [Samba] load password users in Ldap
> To: <samba@lists.samba.org>
> Message-ID: <01e301c32693$2315b8e0$8f05a8c0@coam.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
> I'm new to Samba LDAP. I use samba-2.2.3a and openldap2-2.1.4-46.

Please use a newer version of Samba. Firstly, 2.2.3a is vulnerable to a
remote root exploit; secondly, a lot of changes required for good LDAP
operation are only available in later (i.e. 2.2.7a or later) releases.

> I am going to load a lot of users into LDAP from an LDIF file, as
> shown below, but I don't know how to set the Samba password. I can use:
> smbpasswd juan1
>
> and then the fields lmPassword and ntPassword are changed. This way,
> after loading all users into LDAP, I would need a script to run
> smbpasswd for each user automatically, without prompting me for each one.
> How can I avoid being prompted?

See the mkntpwd program in examples/LDAP/smbldap-tools/mkntpwd for a
tool that will create LM and NT hashes for you from a clear-text password.
If you already have Samba passwords in an smbpasswd file, see
import_smbpasswd.pl in examples/LDAP. If you have users in passwd files,
you can also import a lot of the information using the migration tools.

>
> I think it is better to put the real password in lmPassword and
> ntPassword but it doesn't work. Which is the easiest method to put the
> samba password in the load process?
>
> ldif file
> =============>
> dn: uid=juan1, ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es
> cn: juan1
> objectClass: sambaAccount
> objectClass: posixAccount
> uid: juan1
> pwdLastSet: 0
> logonTime: 0
> logoffTime: 2147483647
> kickoffTime: 2147483647
> pwdCanChange: 0
> pwdMustChange: 2147483647
> userPassword: hola
> lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069
> ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319
> acctFlags: [UX ]
> uidNumber: 1020
> gidNumber: 1001
> loginShell: /bin/bash
> rid: 3040
> primaryGroupID: 513
> homeDirectory: /dev/null
>
> /etc/samba/smb.conf
> ===================>
> ldap server = localhost
> ldap port = 389
> ldap suffix = "ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es"
> ldap admin dn = "cn=Manager, dc=Colegio Oficial de Arquitectos de Madrid, dc=es"

Your suffix implies that you own the domain "Colegio Oficial de
Arquitectos de Madrid.es" (dc means domain component). You may rather
want to use o=Colegio Oficial de Arquitectos de Madrid,c=es instead, or a
real domain-type suffix.

BTW, you may want to review these documents, which cover a lot of the
issues:
http://www.mandrakesecure.net/en/docs/samba-pdc.php
http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php
(note, some minor modifications may occur to these documents still ...)
Since you are using openldap-2.1, you should also look at this document:
http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#AUXILIARY
(at this stage, openldap-2.0.x may be a better choice, just because it
is understood better, and all the available schemas work with it).
Regards,
Buchan
--
|--------------Another happy Mandrake Club member--------------|
Buchan Milne Mechanical Engineer, Network Manager
Cellphone * Work +27 82 472 2231 * +27 21 8828820x202
Stellenbosch Automotive Engineering http://www.cae.co.za
GPG Key http://ranger.dnsalias.com/bgmilne.asc
1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7