On 11/30/12 16:11, Brian Gold wrote:
On 2012-11-30 4:01 pm, Gaiseric Vandal wrote:
So when you run pdbedit -Lv for a user, is the "Unix user" name an
account in ldap? If that is the case, then you probably just want to
have a script that runs thru a list of user names and then
runs ldapmodify to add the appropriate samba attributes. In theory
you can use pdbedit to export the data, then change the backend, then
import it back. I found that didn't quite work.


I had originally used nis backend for unix accounts and TDB backend
for samba. I moved from NIS to LDAP for unix accounts. Then when I
added a BDC I moved the samba data into ldap. I had used smbpasswd
to dump the data to a text file, then wrote a perl script to parse the
file into user name,  samba SID, and samba password and then rewrite
it into an ldapmodify ldif file.  I used this file to update the
existing LDAP accounts.

You MAYBE can use smbpasswd or pdbedit to create the samba accounts
in LDAP but I suspect that either it won't preserve the existing
password OR it may refuse to create the account.


Here is the output for that same user when I do a pdbedit. The "unix username" is being pulled from ldap.
pdbedit -Lv testaff
Unix username:        testaff
NT username:
Account Flags:        [U          ]
User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID: S-1-5-21-2531268310-2106678637-3833209162-513
Full Name:            Test Staff
Home Directory:       \\elephant\testaff
HomeDir Drive:
Logon Script:
Profile Path:         \\elephant\testaff\profile
Domain:               ELEPHANT
Account desc:
Workstations:
Munged dial:
Logon time:           0
Logoff time:          never
Kickoff time:         never
Password last set:    Fri, 27 Jun 2008 16:50:45 EDT
Password can change:  Fri, 27 Jun 2008 16:50:45 EDT
Password must change: never
Last bad password   : 0
Bad password count  : 0
Logon hours         : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF



Worth a try I guess.

As it is, I'm planning on totally scrapping this existing samba file server when we move to using ldap passwords. The only things that need to carry over are the files on the file server itself. I'm totally fine with not using any of the data that is in tdb currently. Is there a way to autogenerate the samba SID (since I don't necessarily need the one that is being used in my current samba file server) and whatever other samba fields might be needed for all of my existing ldap accounts?


If you write a script you could probably increment the SID for each entry. The pdbedit and smbpasswd commands will create all the necessary fields, including automatically creating a unique SID. But I just know if it will complain the account already exists. I think it won't complain the account exists (since not all the necessary fields are there) BUT it will probably complain that the account could not be created. I don't think you will know til you test it.
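
The dump-and-rewrite approach described in this thread, sketched in Python as an added example (it is not the poster's perl script or Samba project code). It assumes smbpasswd-style input as printed by `pdbedit -Lw`, the sambaSamAccount attribute names from samba.schema, and a hypothetical base DN; the uid, NT hash and second user in the sample are constructed.

```python
import os, re
BASE_DN = "ou=People,dc=example,dc=com"  # hypothetical; use your own user base DN

# Constructed sample data: `pdbedit -Lv` fields as shown in the thread, plus
# smbpasswd-style lines with a dummy uid and a dummy NT hash.
PDBEDIT_LV = """Unix username:        testaff
User SID: S-1-5-21-2531268310-2106678637-3833209162-15782
Primary Group SID: S-1-5-21-2531268310-2106678637-3833209162-513
"""
REST = ":1001:" + "X" * 32 + ":" + "0123456789ABCDEF" * 2 + ":[U          ]:LCT-486552A5:\n"
SMBPASSWD = "testaff" + REST + "nosid" + REST

LINE_RE = re.compile(r"^(?P<user>[^:]+):\d+:[^:]{32}:(?P<nt>[0-9A-Fa-f]{32}):"
                     r"(?P<flags>\[[^\]]*\]):LCT-(?P<lct>[0-9A-Fa-f]{8}):")

def parse_pdbedit(text):
    """Map Unix username -> {field: SID} from `pdbedit -Lv` output."""
    sids, user = {}, None
    for line in text.splitlines():
        key, _, val = (p.strip() for p in line.partition(":"))
        if key == "Unix username":
            user, sids[val] = val, {}
        elif key in ("User SID", "Primary Group SID") and user:
            sids[user][key] = val
    return sids

def to_ldif(smbpasswd_text, sids):
    """Return (ldif, skipped): modify records for users with a hash and a SID."""
    records, skipped = [], []
    for line in filter(str.strip, smbpasswd_text.splitlines()):
        m = LINE_RE.match(line)
        sid = sids.get(m["user"], {}).get("User SID") if m else None
        if not sid:
            skipped.append(line.split(":")[0])
            continue
        attrs = [("objectClass", "sambaSamAccount"), ("sambaSID", sid),
                 ("sambaPrimaryGroupSID", sids[m["user"]].get("Primary Group SID")),
                 ("sambaNTPassword", m["nt"].upper()),  # LM hash is not copied
                 ("sambaAcctFlags", m["flags"]),
                 ("sambaPwdLastSet", str(int(m["lct"], 16)))]
        mods = "".join(f"add: {a}\n{a}: {v}\n-\n" for a, v in attrs if v)
        records.append(f"dn: uid={m['user']},{BASE_DN}\nchangetype: modify\n{mods}")
    return "\n".join(records), skipped

def write_private(path, text):
    # NT hashes are password-equivalent, so create the file owner-only (0600).
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(text)
```

The resulting file is what `ldapmodify -f` would consume; users listed in `skipped` had no usable hash line or no SID and need manual handling.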



