James R. Leu
2009-Feb-25 05:44 UTC
[Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
Hello,
I've started working with samba4-alpha6. I've been successful
in setting up an AD with an openldap backend. I'm now
shifting my focus to how I would go about migrating to
a samba4 setup from a microsoft AD implementation.
To that end I've written a perl script that uses Net::LDAP
to create users in the samba4 LDAP backend. I can create
the user in such a way that samba4 is happy with it, but
I'm unable to set an initial password for the user.
I've tried using a template user that has a known password
and then duplicating that users nTSecurityDescriptor, but that
doesn't seem to work. I've tried creating a unicodePwd entry
with the following code:
my $charmap = Unicode::Map8->new('latin1') or die $!;
my $unipwd =
$charmap->tou(qq{"$passwd"})->byteswap()->utf16();
But that doesn't seem to work either.
I was wondering if anyone working with samba4 could recommend
a way to create users programmatically. If a mechanism does not
exist, perhaps someone could point me in the right direction to
add the necessary hooks to samab4 to allow it.
--
James R. Leu
jleu@mindspring.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20090224/7baac195/attachment.bin
Andrew Bartlett
2009-Apr-06 04:39 UTC
[Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
On Tue, 2009-02-24 at 23:44 -0600, James R. Leu wrote:> Hello, > > I've started working with samba4-alpha6. I've been successful > in setting up an AD with an openldap backend. I'm now > shifting my focus to how I would go about migrating to > a samba4 setup from a microsoft AD implementation. > > To that end I've written a perl script that uses Net::LDAP > to create users in the samba4 LDAP backend. I can create > the user in such a way that samba4 is happy with it, but > I'm unable to set an initial password for the user. > > I've tried using a template user that has a known password > and then duplicating that users nTSecurityDescriptor, but that > doesn't seem to work. I've tried creating a unicodePwd entry > with the following code: > > my $charmap = Unicode::Map8->new('latin1') or die $!; > my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16(); > > But that doesn't seem to work either. > > I was wondering if anyone working with samba4 could recommend > a way to create users programmatically. If a mechanism does not > exist, perhaps someone could point me in the right direction to > add the necessary hooks to samab4 to allow it.This should now work in Samba4, thanks to work to get Windows 7 to join the domain. We also support an extension: You may set 'userPassword' with a utf8 password, rather than the silly UCS2 in quotes format of unicodePwd. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20090406/be999ac7/attachment.bin
Apparently Analagous Threads
- Missing rpms for samba-ldap script
- [RFC][PATCH] Detect and handle PAM changing user name
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"