-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > ------------------------------ > > Message: 13 > Date: Fri, 30 May 2003 12:06:28 +0200 > From: Jose Antonio G?mez Mu?oz <[EMAIL PROTECTED]> > Subject: [Samba] load password users in Ldap > To: <[EMAIL PROTECTED]> > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Hello, > > I'm new in Samba Ldap. I use samba-2.2.3a and openldap2-2.1.4-46.
Please use a newer version of samba, firstly 2.2.3a is vulnerable to a remote root exploit, secondly, a lot of changes required for good LDAP operation are only available in later (ie 2.2.7a or later) releases. > I am going to load in Ldap a lot of users in a ldif file as it is > shown below. But I don't know how to put samba password. I can use: > smbpasswd juan1 > > and then the fields lmPassword and ntPassword are changed. In this > way, after load all users in Ldap I would need a script to do a > smbpasswd for each user automatically, without prompt me for each one. > ¿ How can I do to avoid prompting me ? See the mkntpwd program in examples/LDAP/smbldap-tools/mkntpwd for a tool that will create LM and NT hashes for you from a clear-text password. If you already have samba passwords in an smbpasswd file, see import_smbpasswd.pl in examples/LDAP, If you have users in passwd files, you can also import a lot of the information using the migration tools. > > I think it is better to put the real password in lmPassword and > ntPassword but it doesn't work. Which is the easiest method to put the > samba password in the load process? > > ldif file > ============== > > dn: uid=juan1, ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es > cn: juan1 > objectClass: sambaAccount > objectClass: posixAccount > uid: juan1 > pwdLastSet: 0 > logonTime: 0 > logoffTime: 2147483647 > kickoffTime: 2147483647 > pwdCanChange: 0 > pwdMustChange: 2147483647 > userPassword: hola > lmPassword: 37D5B8AB8069F5B8AB5B8AB8B8AB8069 > ntPassword: 5B8AB8B8AB85B8A5B8AB8B8AB82BE319 > acctFlags: [UX ] > uidNumber: 1020 > gidNumber: 1001 > loginShell: /bin/bash > rid: 3040 > primaryGroupID: 513 > homeDirectory: /dev/null > > > > > /etc/samba/smb.conf > ==================== > ldap server = localhost > ldap port = 389 > ldap suffix = "ou=smb, dc=Colegio Oficial de Arquitectos de Madrid, dc=es" > ldap admin dn = "cn=Manager, dc=Colegio Oficial de Arquitectos de Madrid, dc=es" Your suffix implies that you own the domain "Colegio Oficial de Arquitectos de Madrid.es" (dc means domain component), you may want to rather use o=Colegio Oficial de Arquitectos de Madrid,c=es instead, or a real domain-type suffix. BTW, you may want to review these documents, which cover a lot of the issues: http://www.mandrakesecure.net/en/docs/samba-pdc.php http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php (note, some minor modifications may occur to these documents still ...) Since you are using openldap-2.1, you should also look at this document: http://www.unav.es/cti/ldap-smb/ldap-smb-2_2-howto.html#AUXILIARY (at this stage, openldap-2.0.x may be a better choice, just because it is understood better, and all the available schemas work with it). Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE+11KJrJK6UGDSBKcRApjTAJ9QL5MbtkMx1uZIygPnXwxYLXexTgCfUX7/ 6gLzfRnhEgmjsBk9DKvHXX8= =JPIb -----END PGP SIGNATURE----- ****************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer. ****************************************************************** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba