James R. Leu
2009-Feb-25 05:44 UTC
[Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
Hello, I've started working with samba4-alpha6. I've been successful in setting up an AD with an openldap backend. I'm now shifting my focus to how I would go about migrating to a samba4 setup from a microsoft AD implementation. To that end I've written a perl script that uses Net::LDAP to create users in the samba4 LDAP backend. I can create the user in such a way that samba4 is happy with it, but I'm unable to set an initial password for the user. I've tried using a template user that has a known password and then duplicating that users nTSecurityDescriptor, but that doesn't seem to work. I've tried creating a unicodePwd entry with the following code: my $charmap = Unicode::Map8->new('latin1') or die $!; my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16(); But that doesn't seem to work either. I was wondering if anyone working with samba4 could recommend a way to create users programmatically. If a mechanism does not exist, perhaps someone could point me in the right direction to add the necessary hooks to samab4 to allow it. -- James R. Leu jleu@mindspring.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20090224/7baac195/attachment.bin
Andrew Bartlett
2009-Apr-06 04:39 UTC
[Samba] Samba4: programmatic account creation via LDAP (unicodePwd)
On Tue, 2009-02-24 at 23:44 -0600, James R. Leu wrote:> Hello, > > I've started working with samba4-alpha6. I've been successful > in setting up an AD with an openldap backend. I'm now > shifting my focus to how I would go about migrating to > a samba4 setup from a microsoft AD implementation. > > To that end I've written a perl script that uses Net::LDAP > to create users in the samba4 LDAP backend. I can create > the user in such a way that samba4 is happy with it, but > I'm unable to set an initial password for the user. > > I've tried using a template user that has a known password > and then duplicating that users nTSecurityDescriptor, but that > doesn't seem to work. I've tried creating a unicodePwd entry > with the following code: > > my $charmap = Unicode::Map8->new('latin1') or die $!; > my $unipwd = $charmap->tou(qq{"$passwd"})->byteswap()->utf16(); > > But that doesn't seem to work either. > > I was wondering if anyone working with samba4 could recommend > a way to create users programmatically. If a mechanism does not > exist, perhaps someone could point me in the right direction to > add the necessary hooks to samab4 to allow it.This should now work in Samba4, thanks to work to get Windows 7 to join the domain. We also support an extension: You may set 'userPassword' with a utf8 password, rather than the silly UCS2 in quotes format of unicodePwd. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Red Hat Inc. http://redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.samba.org/archive/samba/attachments/20090406/be999ac7/attachment.bin
Possibly Parallel Threads
- Missing rpms for samba-ldap script
- [RFC][PATCH] Detect and handle PAM changing user name
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"
- How to set `unicodePwd`? "it's not allowed to set the NT hash password directly"