Re: [Samba] smbpasswd to LDAP
I don't think I was clear here, I didn't say to point it at your smbpasswd file, instead I said passsword file. You already stated that you didn't have the windows passwords in LDAP so there shouldn't be any overlap there. My concern was how it would handle if you had somehow gotten the sambaSamAccount objectClass on the users already. I really do not follow what you suggested I try with the pdbedit command. All I'm interested in is the LM and NT hashes inside of the sambapassword file on my production server. How would the pdbedit command help me get those LM and NT hashes into my LDAP database on my new server? It would help you because that is exactly what it does. If you have ldap set up and working already, so that a newly added user works, the command should be something like pdbedit -i smbpasswd:/etc/smbpasswd.old otherwise you'd have to specify the ldapsam with the -e flag Quoting the man page -i passdb-backend Use a different passdb backend to retrieve users than the one specified in smb.conf. Can be used to import data into your lo- cal user database. This option will ease migration from one passdb backend to another. -e passdb-backend Exports all currently available users to the specified password database backend. This option will ease migration from one passdb backend to another and will ease backing up. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Paul Gienger <[EMAIL PROTECTED]>: > > > >>>mess. My question is Shouldn't I somehow be able to insert samba > passwords > >>> > >>> > >>into > >> > >> > >>>the LDAP database and move on? Or is it just past that point now? > >>> > >>> > >>Well, you can do one of two things, as I see it: > >>1. Try to run pdbedit with import/export flags and point it at your > >>password file. Note that I don't know what this will do with existing > >>entries' data. > >> > >> > > > >Will not work. All user passwords are already in LDAP in the current > server. > > > > > I don't think I was clear here, I didn't say to point it at your > smbpasswd file, instead I said passsword file. You already stated that > you didn't have the windows passwords in LDAP so there shouldn't be any > overlap there. My concern was how it would handle if you had somehow > gotten the sambaSamAccount objectClass on the users already. I really do not follow what you suggested I try with the pdbedit command. All I'm interested in is the LM and NT hashes inside of the sambapassword file on my production server. How would the pdbedit command help me get those LM and NT hashes into my LDAP database on my new server? > > -- > Paul GiengerOffice: 701-281-1884 > Applied Engineering Inc. > Systems Architect Fax:701-281-1322 > URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] > > > This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. Will not work. All user passwords are already in LDAP in the current server. I don't think I was clear here, I didn't say to point it at your smbpasswd file, instead I said passsword file. You already stated that you didn't have the windows passwords in LDAP so there shouldn't be any overlap there. My concern was how it would handle if you had somehow gotten the sambaSamAccount objectClass on the users already. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Paul Gienger <[EMAIL PROTECTED]>: > > >mess. My question is Shouldn't I somehow be able to insert samba passwords > into > >the LDAP database and move on? Or is it just past that point now? > > > > > Well, you can do one of two things, as I see it: > 1. Try to run pdbedit with import/export flags and point it at your > password file. Note that I don't know what this will do with existing > entries' data. Will not work. All user passwords are already in LDAP in the current server. > 2. Grab the password hashes out of the file and manually insert them. This did work. I'll have to write a script to take care of this for our site here. Thanks for all the help. > > Naturally 1 would be easier. > > > -- > Paul GiengerOffice: 701-281-1884 > Applied Engineering Inc. > Systems Architect Fax:701-281-1322 > URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] > > > This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? Well, you can do one of two things, as I see it: 1. Try to run pdbedit with import/export flags and point it at your password file. Note that I don't know what this will do with existing entries' data. 2. Grab the password hashes out of the file and manually insert them. Naturally 1 would be easier. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Quoting Luca Olivetti <[EMAIL PROTECTED]>: > Matt Lung wrote: > > Is there a way to take users samba passwords from an old 2.x Samba server, > and > > insert them into a new 3.x Samba server that using an LDAP backend? The > new > > server is already populated with all users and groups in LDAP and is > currently > > on a test network. All that is needed is the users samba passwords from > the > > old server that is using the smbpasswd file. > > If there aren't samba attributes in ldap you can use > > pdbedit -i smbpasswd: > > If there are already samba attributes this won't work. > > What I did was: Hmm... I don't think that will work for us here. Our users have been migrated out of the passwd and shadow file on the old server for a while now. Their account info (except their samba password) has lived in LDAP for a few years now. I'm just trying to avoid having to change all the users passwords on the new server and having a big mess. I'd like it to be very transparent. I guess if what I'm asking is impossible at this point I'm sort of heading towards the mess. My question is Shouldn't I somehow be able to insert samba passwords into the LDAP database and move on? Or is it just past that point now? When I change my password on the new server I know it is changing the sambaLMPassword attribute. So how is the migrate tool setting that from the sambapasswd file when someone is migrating? > - clean the ldap database (easy here since I was just testing) > - smbldap-populate -k 0 -a root > - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine > - remove all machine accounts, system groups and other users/groups you > don't in ldap from all these files > > at this point, if you have special characters (like, á, é, í, etc.) in > your files, you'll have to make somewhat a cleaned-up copy, since the > idealx tools don't work with non us-ascii characters > > -temporarily add users in /etc/passwd of the new machine > -pdbedit -i smbpasswd: > -remove the users previously added to /etc/passwd > -smbldap-migrate-passwd -d account -a -P -S > > -smbldap-migrate-group -a -G > > > What I done may be totally wrong, YMMV, etc., but it seems it has worked > fine so far. > Bye > -- > Luca Olivetti > Wetron Automatización S.A. http://www.wetron.es/ > Tel. +34 93 5883004 Fax +34 93 5883007 > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbpasswd to LDAP
Matt Lung wrote: Is there a way to take users samba passwords from an old 2.x Samba server, and insert them into a new 3.x Samba server that using an LDAP backend? The new server is already populated with all users and groups in LDAP and is currently on a test network. All that is needed is the users samba passwords from the old server that is using the smbpasswd file. If there aren't samba attributes in ldap you can use pdbedit -i smbpasswd: If there are already samba attributes this won't work. What I did was: - clean the ldap database (easy here since I was just testing) - smbldap-populate -k 0 -a root - obtain /etc/passwd, /etc/shadow, /etc/samba/smbpasswd from the old machine - remove all machine accounts, system groups and other users/groups you don't in ldap from all these files at this point, if you have special characters (like, á, é, í, etc.) in your files, you'll have to make somewhat a cleaned-up copy, since the idealx tools don't work with non us-ascii characters -temporarily add users in /etc/passwd of the new machine -pdbedit -i smbpasswd: -remove the users previously added to /etc/passwd -smbldap-migrate-passwd -d account -a -P -S -smbldap-migrate-group -a -G What I done may be totally wrong, YMMV, etc., but it seems it has worked fine so far. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd to LDAP
Is there a way to take users samba passwords from an old 2.x Samba server, and insert them into a new 3.x Samba server that using an LDAP backend? The new server is already populated with all users and groups in LDAP and is currently on a test network. All that is needed is the users samba passwords from the old server that is using the smbpasswd file. Thanks -- Matt Lung Midwest Tool & Die, Corp. This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Smbpasswd to LDAP migration
I have a Samba PDC running on Redhat 7.3 (samba 3.0.0 installed from binaries). I initially set it up using smbpasswd as the database backend and everything was working just fine. I've since decided to migrate everything to LDAP. I have OpenLDAP 2.0.27 installed and have set up the directory following the instructions in the Samba-HOWTO-Collection. If I use slapadd to add Samba users, they get set up in the LDAP directory just fine, and I can use those user accounts on a windows box to authenticate Workgroup shares. However, if I try to add a windows (XP PRo) machine to the domain, or try to use pdbedit to add users, I get errors. It's almost as if Samba has no problem reading the ldap directory, but can't make any modifications to it. I haven't set up Groups yet (I'm not entirely clear on how to do this since the HOWTO merely says "ldap users are responsible for adding Groups" without any indication of HOW that's supposed to be done) Command line LDAP tools such as ldapdelete and ldapmodify work just fine for adding items using .ldif files. The only ldap access lines I have are access to attrs=lmPassword,ntPassword by dn="cn=admin,ou=People,dc=pandora-net,dc=com" write by * none access to dn="" by * read If I try to add a user using pdbedit I get: ldapsam_modify_entry: Failed to add user dn= uid=asmith,ou=People with: No such object This comes after asking me for a password for the user. Oddly enough, if I try to add a user that did NOT exist in the old smbpasswd file, I get a DIFFERENT error: could not create account to add new user invaliduser I've checked and rechecked the rootdn that I have in my smb.conf file and it matches exactly with what is in slapd.conf. The password is correct as it's the same one I use to make modifications to the Directory using ldapmodify I'm not certain where I'm going wrong here. -- - "The pain of war could not exceed, the woe of aftermath. The drums will shake the castle walls The ringwraiths ride in black" -Led Zeppelin "The Battle of Evermoore" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba