Ok this works: #################################################################### #!/usr/bin/env python
import sys sys.path.insert(0, "/usr/local/samba/lib64/python2.6/site-packages") sys.path.insert(1, "/usr/local/samba/lib/python2.6/site-packages") from samba import Ldb, registry from samba.param import LoadParm from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl from samba.samba3 import passdb from samba.samba3 import param as s3param from samba.dcerpc import lsa, samr, security from samba.dcerpc.security import dom_sid from samba.credentials import Credentials from samba import dsdb from samba.ndr import ndr_pack from samba import unix2nttime # Convert Hex to Byte string def HexToByte( hexStr ): bytes = [] hexStr = ''.join( hexStr.split(" ") ) for i in range(0, len(hexStr), 2): bytes.append( chr( int (hexStr[i:i+2], 16 ) ) ) return ''.join( bytes ) # Connect to samba4 backend new_lp_ctx = s3param.get_context() new_lp_ctx.load("/usr/local/samba/etc/smb.conf") new_lp_ctx.set("private dir", "/usr/local/samba/private") s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend")) # Change testuser password new_userdata = s4_passdb.getsampwnam("testuser") new_userdata.nt_passwd = HexToByte("878D8014606CDA29677A44EFA1353FC7") new_userdata.lanman_passwd = HexToByte("552902031BEDE9EFAAD3B435B51404EE") s4_passdb.update_sam_account(new_userdata) #################################################################### I was missing some module paths and the extra info for connecting to the LDB database... Now I just have to generalize this procedure so that I can update the passwords every night like I do with Samba3-LDAP. Andrew, thanks for the pointers. I'm posting this in case it can help someone else. ----- Original Message ----- From: "Luc Lalonde" <luc.lalo...@polymtl.ca> To: "Andrew Bartlett" <abart...@samba.org> Cc: samba@lists.samba.org Sent: Wednesday, March 27, 2013 7:38:05 PM GMT -05:00 US/Canada Eastern Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection Hello Andrew, How would I convert the below base16 strings into raw bytes acceptable to this routine? We presently inject the NTLM passwords directly into our LDAP database for Samba3. Also, I can't seem to figure out the argument values for 'passdb.PDB'. I tried 'ldb', 'samba_dsdb'. Thanks for your help! On 2013-03-27, at 6:18 PM, Andrew Bartlett <abart...@samba.org> wrote: > On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote: >> Hello Andrew, >> >> I'm finally diving into this project... >> >> First off, my sysadmin stuff is mostly in Perl. So my Python is rudimentary >> at best. >> >> Here we go anyway... I've looked at the 'upgrade.py' but I can't seem to >> figure out how to connect to the Samba4 passwd database. >> >> In the script I see these lines: >> >> ####################################################### >> # Connect to samba4 backend >> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend")) >> ######################################################## >> >> I would appreciate a hint on how to connect to the database please. Where >> is the 'passdb' object referenced from? >> >> Once that's done, from what I understand, I should be able to change the >> passwords directly: >> >> ####################################################### >> # Change foo-user password >> admin_userdata = s4_passdb.getsampwnam("foo-user") >> admin_userdata.nt_passwd = "878D8014606CDA29677A44EFA1353FC7" >> admin_userdata.lanman_passwd = "552902031BEDE9EFAAD3B435B51404EE" >> s4_passdb.update_sam_account(admin_userdata) >> ####################################################### > > Sort of. Those values are not base16 strings, but raw bytes, but > otherwise that looks pretty much right at a first glance. > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba -- Luc Lalonde, analyste --------------------------------------------------------------------- Département de génie informatique: École polytechnique de Montréal (514) 340-4711 x5049 luc.lalo...@polymtl.ca --------------------------------------------------------------------- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba