Re: [Samba] Re: Yet Another LDAP Question

The UNIX passwords are stored with one-way encryption, so unless you
want to brute force them all, there's really no good way to get them
from the system. If you have their passwords stored in samba someplace
already, like tdbsam or smbpasswd, then you can use the pdbedit command
with import and export flags to move the accounts over to ldap. I did
this with my 2.2.8a smbpasswd file for testing. In that case I pulled
my line out into a temporary passwd file on my testbox and ran something
like
pdbedit --import=smbpasswd --export=ldap
and my user gained the new object class and also had the password set.
I would imagine you can do the same with tdbsam, although not on a
user-by user basis like I did, but that was for testing anyway.



Michal Kurowski wrote:

>Paul Gienger [pgienger@ae-solutions.com] wrote:
>
>
>>I believe the README is out of date. Their website says that something
>>like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
>>just fine making only configuration changes like server locations,
>>containers, and domain SID. I did have to hack one script for my
>>purposes, but that was only because my primary ldap server is over a
>>greater-latency-than-local-lan link and replication takes a couple seconds.
>>
>>
>>
>
>It relates to my last question: is there any way to for unix->NT
>password conversion ?
>
>I need to create ntAccounts from my shadow passwords (crypt-ed) in the
>Ldap server. It seems there's no supported way but two problems emerge
>in here:
>
>1) you have to ask lots of people to type their passwords again
>2) you have no control maintain same password policy
>
>Cheers,
>
>
>

--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.com mailto:pgienger@ae-solutions.com


--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba