samba - Jan 2006 - create smbpasswd/tdbsam from ldapsam/LDAP query?

As some of you may know, I'm trying to set up Samba BDC on a disk- and
fan-less tiny mipsel_CPU router running OpenWRT distribution.

I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and they
seem to work fine.

The problem is, this tiny distribution for routers doesn't seem to have
anything like Name Service Switch (NSS), and relies solely on /etc/passwd
and /etc/group.

In other words, Samba will be unable to get users from LDAP.

I thought that perhaps a workaround would be to fetch all needed info from the
LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam
perhaps).

Is it possible to do so?

Or perhaps there are some tools for converting ldapsam to tdbsam?


-- 
Tomasz Chmielewski
htp://wpkg.org

On Mon, 2006-01-23 at 17:08 +0100, Tomasz Chmielewski
wrote:
> As some of you may know, I'm trying to set up Samba BDC on a disk- and
fan-less tiny mipsel_CPU router running OpenWRT distribution.
> 
> I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and
they seem to work fine.
> 
> The problem is, this tiny distribution for routers doesn't seem to have
anything like Name Service Switch (NSS), and relies solely on /etc/passwd
> and /etc/group.
> 
> In other words, Samba will be unable to get users from LDAP.
> 
> I thought that perhaps a workaround would be to fetch all needed info from
the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam
> perhaps).
> 
> Is it possible to do so?
> 
> Or perhaps there are some tools for converting ldapsam to tdbsam?
pdbedit -i -e and look also at importing mapped users

however probably, given it is a BDC, the best thing is to sync the
passwd and group from ldap.

you may also try to experiment with ldapsam:trusted parameter

Simo.

-- 
Simo Sorce
Samba Team
email: idra@samba.org
http://samba.org/~idra

On Mon, 2006-01-23 at 11:22 -0500, simo wrote:
> > Or perhaps there are some tools for converting ldapsam to tdbsam?
> 
> pdbedit -i -e and look also at importing mapped users
sorry I wrote it wrong. This meant to be mapped *groups* not users

-- 
Simo Sorce
Samba Team
email: idra@samba.org
http://samba.org/~idra

> As some of you may know, I'm trying to set up Samba BDC on a disk- and
fan-less tiny mipsel_CPU router running OpenWRT distribution.
>
> I already managed to compile Samba 3.0.21a and OpenLDAP 2.3.18 for it, and
they seem to work fine.
>
> The problem is, this tiny distribution for routers doesn't seem to have
anything like Name Service Switch (NSS), and relies solely on /etc/passwd
> and /etc/group.
it doesn't have to be NSS.
You can use /etc/passwd for name <--> uid mapping and ldap for NT/LM 
hashes.
>
> In other words, Samba will be unable to get users from LDAP.
it doesn't have to :-)
>
> I thought that perhaps a workaround would be to fetch all needed info from
the LDAP, and create proper /etc/passwd and smbpasswd files (or tdbsam
> perhaps).
hashed user password are somewhat very different in terms of ldap and 
passwd. You can use pam, but You don't need it for samba.
>
> Is it possible to do so?
>
> Or perhaps there are some tools for converting ldapsam to tdbsam?
pdbedit

it is beatiful thing for converting from anything to anything :-)
>
>
> -- 
> Tomasz Chmielewski
> htp://wpkg.org
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>

Ilia Chipitsine schrieb:

(...)

 >> As you said, smbpasswd has no group ID entries.
 >
 >
 >
 > oops, I missed primary GID for /etc/passwd
 >
 > ok, I'll ask our guys about XSL, I think it will do all the job.


(...)

I think I found it: the tool is called ldap2pass and can be found here 
in the ldaputils package:

http://www.fanying.com/projects/ldaputils.html

Be careful, it will overwrite your /etc/group, /etc/passwd and 
/etc/shadow files! :)


-- 
Tomasz Chmielewski
http://wpkg.org