Hi people:

I have an LDAP server running OpenLDAP that serves authentication purposes to services like ftp, imap, openvpn, etc. Now I implemented a Samba PDC based on LDAP. I did the configuration with Samba 3.2.5 on Debian Etch and smbldap-tools. I was able to join a WinXP workstation to my domain without problems but I can't log in with any existing user in my LDAP directory.

Then I added my user to the Samba database with "smbpasswd -a myuser" with the same current password of myuser. Now, I need to enable all LDAP users as Samba users but I don't want to run "smbpasswd" for every user because I don't know their passwords.

What could be the solution to convert all my LDAP users to Samba users? Would simply adding the corresponding objectClass and Samba attributes to the users' LDAP entries be enough? If this is true, what value should I use for sambaNTPassword, sambaPasswordHistory, sambaSID, among other Samba attributes?

I hope someone can help me a bit :(

Thanks :)
John H Terpstra - Samba Team
2009-Mar-05 21:35 UTC
[Samba] Adding existing ldap users as Samba users
Jason Voorhees wrote:
> Hi people:
>
> I have an LDAP server running OpenLDAP that serves authentication
> purposes to services like ftp, imap, openvpn, etc. Now I implemented a
> Samba PDC based on LDAP.
> I did the configuration with Samba 3.2.5 on Debian Etch and
> smbldap-tools. I was able to join a WinXP workstation to my domain
> without problems but I can't log in with any existing user in my LDAP
> directory.
>
> Then I added my user to the Samba database with "smbpasswd -a myuser"
> with the same current password of myuser. Now, I need to enable all
> LDAP users as Samba users but I don't want to run "smbpasswd" for
> every user because I don't know their passwords.

Have these users previously used Samba to connect to this server? Do you have an smbpasswd file or a tdbsam file? If so, there is an easy way to migrate the SambaSAM account information so long as the uid and gid for each user have not changed.

You can then execute:

    pdbedit -i smbpasswd -e ldapsam

or

    pdbedit -i tdbsam -e ldapsam

Those actions should copy the NT passwords into a SambaSAM account extension in your LDAP directory.

> What could be the solution to convert all my LDAP users to Samba
> users?

The UNIX password hashes can not be converted into NT password hashes.

> Would simply adding the corresponding objectClass and Samba
> attributes to the users' LDAP entries be enough? If this is true,
> what value should I use for sambaNTPassword, sambaPasswordHistory,
> sambaSID, among other Samba attributes?
>
> I hope someone can help me a bit :(
>
> Thanks :)

Cheers,
John T.