[Samba] Re: Yet Another LDAP Question
Ryan Novosielski [EMAIL PROTECTED] wrote:
> What you CAN do is use PAM_smbpass, with the migrate flag, and migrate all
> of the UNIX passwords this way. This way, when a user logs in via UNIX or
> Samba, their password makes it into the Samba password file. You never
> actually have to turn on password encryption via smbpasswd, 'far as I
> know, but this will give you a list of NT hashes to work with to then
> convert.
>
> Does this help at all?

Sorry, not in here - we've got Slackware machines without PAM.

--
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'

--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Yet Another LDAP Question
What you CAN do is use PAM_smbpass, with the migrate flag, and migrate all of the UNIX passwords this way. This way, when a user logs in via UNIX or Samba, their password makes it into the Samba password file. You never actually have to turn on password encryption via smbpasswd, 'far as I know, but this will give you a list of NT hashes to work with to then convert.

Does this help at all?

Ryan Novosielski - Jr. UNIX Systems Admin
[EMAIL PROTECTED] - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Mon, 26 Apr 2004, Michal Kurowski wrote:

> Paul Gienger [EMAIL PROTECTED] wrote:
> > I believe the README is out of date. Their website says that something
> > like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
> > just fine making only configuration changes like server locations,
> > containers, and domain SID. I did have to hack one script for my
> > purposes, but that was only because my primary ldap server is over a
> > greater-latency-than-local-lan link and replication takes a couple seconds.
> >
>
> It relates to my last question: is there any way for unix->NT
> password conversion?
>
> I need to create ntAccounts from my shadow passwords (crypt-ed) in the
> LDAP server. It seems there's no supported way but two problems emerge
> in here:
>
> 1) you have to ask lots of people to type their passwords again
> 2) you have no control maintain same password policy
>
> Cheers,
>
> --
> Michal Kurowski
> perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
> y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
Re: [Samba] Re: Yet Another LDAP Question
>
>It relates to my last question: is there any way for unix->NT
>password conversion?
>
>I need to create ntAccounts from my shadow passwords (crypt-ed) in the
>LDAP server. It seems there's no supported way but two problems emerge
>in here:
>
>1) you have to ask lots of people to type their passwords again
>2) you have no control maintain same password policy
>

Have a look at the 'update encrypted' option

http://samba.mirror.ac.uk/samba/docs/man/smb.conf.5.html#UPDATEENCRYPTED

So long as your users are connecting to an existing samba server using plain-text passwords, then you can turn this option on and capture their passwords into a local SMB-style password file.

Mac
Assistant Systems Administrator @nibsc.ac.uk
[EMAIL PROTECTED]
Work: +44 1707 641565
Everything else: +44 7956 237670 (anytime)
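The capture window that 'update encrypted' implies, sketched as an added smb.conf example that is not part of the original thread. The password file path is an assumption, and the two [global] fragments are successive states of the same file, not one combined configuration.

```ini
# --- Phase 1: capture window (temporary) -------------------------------
# Clients authenticate with plaintext passwords, which smbd checks against
# the UNIX password database. A user must still supply a valid password;
# only a successful logon updates the stored hashes.
[global]
    security = user
    # update encrypted only takes effect while encrypt passwords is off
    encrypt passwords = no
    # on each successful plaintext logon, write the user's hashes
    # into the smbpasswd file
    update encrypted = yes
    # assumed location; the file holds password-equivalent hashes,
    # so keep it owned by root and unreadable by anyone else
    smb passwd file = /etc/samba/smbpasswd

# --- Phase 2: after users have logged on at least once ------------------
# Stop accepting plaintext and authenticate against the captured hashes.
[global]
    security = user
    encrypt passwords = yes
    update encrypted = no
    smb passwd file = /etc/samba/smbpasswd
```

While phase 1 is active, passwords cross the network in cleartext, so the window is best kept short and limited to a trusted segment; accounts that never log on during it still have no NT hash and need a manual reset.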
Re: [Samba] Re: Yet Another LDAP Question
The UNIX passwords are stored with one-way encryption, so unless you want to brute force them all, there's really no good way to get them from the system.

If you have their passwords stored in samba someplace already, like tdbsam or smbpasswd, then you can use the pdbedit command with import and export flags to move the accounts over to ldap. I did this with my 2.2.8a smbpasswd file for testing. In that case I pulled my line out into a temporary passwd file on my testbox and ran something like

    pdbedit --import=smbpasswd --export=ldap

and my user gained the new object class and also had the password set. I would imagine you can do the same with tdbsam, although not on a user-by-user basis like I did, but that was for testing anyway.

Michal Kurowski wrote:

> Paul Gienger [EMAIL PROTECTED] wrote:
> > I believe the README is out of date. Their website says that something
> > like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
> > just fine making only configuration changes like server locations,
> > containers, and domain SID. I did have to hack one script for my
> > purposes, but that was only because my primary ldap server is over a
> > greater-latency-than-local-lan link and replication takes a couple seconds.
>
> It relates to my last question: is there any way for unix->NT
> password conversion?
>
> I need to create ntAccounts from my shadow passwords (crypt-ed) in the
> LDAP server. It seems there's no supported way but two problems emerge
> in here:
>
> 1) you have to ask lots of people to type their passwords again
> 2) you have no control maintain same password policy
>
> Cheers,

--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         Cell:   701-306-6254
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
[Samba] Re: Yet Another LDAP Question
Paul Gienger [EMAIL PROTECTED] wrote:
> I believe the README is out of date. Their website says that something
> like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
> just fine making only configuration changes like server locations,
> containers, and domain SID. I did have to hack one script for my
> purposes, but that was only because my primary ldap server is over a
> greater-latency-than-local-lan link and replication takes a couple seconds.
>

It relates to my last question: is there any way for unix->NT password conversion?

I need to create ntAccounts from my shadow passwords (crypt-ed) in the LDAP server. It seems there's no supported way but two problems emerge in here:

1) you have to ask lots of people to type their passwords again
2) you have no control maintain same password policy

Cheers,

--
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'