[Samba] OpenLDAP Samba4 Password Sync

Denis Witt

Mar 5, 2013, 10:30:03 AM
Hi List,

we currently evaluate Samba4. We've learned so far that we have to use
our OpenLDAP-Server for some tools beside Samba4. So we wrote a script
that creates Samba4-AD Users when we add them to OpenLDAP. The problem
is that we need to sync the passwords when a user changes it within
Windows. How can we get the Password Hash from Samba4-AD and is there a
way to write it (in case the OpenLDAP password changes).

Thanks.

Best regards
Denis Witt
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

TAKAHASHI Motonobu

Mar 5, 2013, 11:10:02 AM
From: Denis Witt <denis...@concepts-and-training.de>
Date: Tue, 5 Mar 2013 16:22:22 +0100

> we currently evaluate Samba4. We've learned so far that we have to use
> our OpenLDAP-Server for some tools beside Samba4. So we wrote a script
> that creates Samba4-AD Users when we add them to OpenLDAP. The problem
> is that we need to sync the passwords when a user changes it within
> Windows. How can we get the Password Hash from Samba4-AD and is there a
> way to write it (in case the OpenLDAP password changes).

Does this article help you?
https://lists.samba.org/archive/samba/2013-March/171956.html

As far as I read, this python script can export the Hash.

--
TAKAHASHI Motonobu <mo...@monyo.com> / @damemonyo
facebook.com/takahashi.motonobu

Denis Witt

Mar 6, 2013, 3:00:01 PM

On 05.03.2013 at 17:09, TAKAHASHI Motonobu <mo...@monyo.com> wrote:

>> we currently evaluate Samba4. We've learned so far that we have to use
>> our OpenLDAP-Server for some tools beside Samba4. So we wrote a script
>> that creates Samba4-AD Users when we add them to OpenLDAP. The problem
>> is that we need to sync the passwords when a user changes it within
>> Windows. How can we get the Password Hash from Samba4-AD and is there a
>> way to write it (in case the OpenLDAP password changes).
>
> Does this article help you?
> https://lists.samba.org/archive/samba/2013-March/171956.html

> As far as I read, this python script can export the Hash.


Hi Takahashi,

thanks for your reply. The Tool-Website states:

> Reads from your Samba4 AD and updates changes password to Google Apps in SHA1 format. Note that this solution requires you to run:
>
> samba-tool domain passwordsettings set --store-plaintext=on
>
> Also you will have to use "Store passwords using reversible encryption" for each users. This can be enabled with MS Active Directory snap in tool from Windows.


Doesn't sound like a thing you want to do, but seems to be the only way at the moment.

At least the sync from OpenLDAP to AD must be possible without those restrictions as samba-tools can transfer the password settings when you do the classic upgrade. So I might try to disallow the users to change their passwords with Windows, force them to change the OpenLDAP-Password-Entry and sync it back to AD (if this is possible when password change is disabled).

Best regards
Denis Witt
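
Added example (not part of the thread, and not code from the tool mentioned in it): the per-user "Store passwords using reversible encryption" option quoted above is the userAccountControl bit 0x0080, so an LDIF export of the user objects can be audited for accounts that have it set. The sample data, the example.test names and the function names are constructed for illustration; it assumes the export contains sAMAccountName and userAccountControl.

```python
import base64

UF_ACCOUNTDISABLE = 0x0002                   # account is disabled
UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = 0x0080  # "Store passwords using reversible encryption"

SAMPLE_LDIF = """\
# constructed sample data, not taken from a real directory
dn: CN=alice,CN=Users,DC=example,DC=test
sAMAccountName: alice
userAccountControl: 512

dn: CN=bob,CN=Users,
 DC=example,DC=test
sAMAccountName: bob
userAccountControl: 640

dn: CN=carol,CN=Users,DC=example,DC=test
sAMAccountName:: Y2Fyb2w=
userAccountControl: 642
"""

def parse_ldif(text):
    """Yield each LDIF entry as {lower-cased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # folded line: continues the previous one
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            attr, _, value = line.partition(":")
            if value.startswith(":"):       # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(attr.lower(), []).append(value.strip())

def reversible_accounts(ldif_text):
    """Return [(account, is_disabled)] for entries with the reversible-encryption bit set."""
    hits = []
    for e in parse_ldif(ldif_text):
        uac = e.get("useraccountcontrol", ["0"])[0]
        if uac.isdigit() and int(uac) & UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED:
            name = e.get("samaccountname") or e.get("dn") or ["?"]
            hits.append((name[0], bool(int(uac) & UF_ACCOUNTDISABLE)))
    return hits
```

On the constructed sample, reversible_accounts(SAMPLE_LDIF) reports bob (enabled) and carol (disabled); alice, a normal account with value 512, is not listed.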