SAMBA user migration??
I have inherited a rather strange setup which consists of a bunch of XP clients with local profiles and accounts pointing at a CentOS (edit, actually Fedora core 6) server running SAMBA for file and print. The plan is to migrate the existing users to a AD environment to get centralized authentication and logons.
Does anyone know if there is a way to get SAMBA to at least cough up with at least a list of the current users if not the passwords as well. I know that Windows AD can be set to encrypt passwords in a reversable encryption so I am wondering if there is a simmilar setting that would allow me to recover the current user passwords, if not what is the easiest way to reset them?
Thanks for any help in advance.
:bump: Anyone, anyone at all??
What password backend is that Samba using (it should say in smb.conf)? Figure that out and you should be able to find out in what file the passwords are stored. If nothing else you could run some kind of dictionary attack on that file to decrypt it, but I imagine that might take a bit of time.
Originally Posted by SYNACK
Thanks, I'll have a look when I am in next and report back if/when I get confused :)
Umm, looking through the smb.conf it has no password backend set but it does have a commented out value pointing to tdbsam and the comments above it suggests that is needs no further configuration to use that method. Reading some of the stuff from other sites I am now more confused as it seems to suggest that this is possibly just some kind of mapping file that then points to local linux users however I have not even managed to generate a list of the local users. I tried a couple of commands from my searches and each bombed unhelpfully. Using linux in the command line when you are new to it is like being blind in a room full of pointly things.
Are there any remote GUI tools that could be used? I have tried ssh for remote command line but this won't let me logon as root (the only password I do actually have). I will look further into adding a new user hopefully to the admins group so that I can at least do that.
Edit: now have created a new user and found the place in sshd_config to edit so I am now able to logon using putty from a different workstation while onsite. Still on the hunt for a user list though.
Edit2: (notes for when I get back there I will try)
Is the issue simply that you have a whole bunch of users who will find it a massive problem if they have to reset their passwords when they log in to the new system? If not, you could simply create the new domain, join the Samba server to it and have people set up a new password when they first log in.
Originally Posted by SYNACK
I have also inherited an interesting setup, where we have a Samba server (running on Suse Linux) as our DC, file and print server. It runs really well but a lack of AD is hampering us and a migration to Windows Server 2008R2 is planned for summer.
On Suse the password file is located in /etc/samba and the file you are looking for is smbpasswd as this will list the users. (If it is different on your setup then you need to change the file path in the command below)
If you don’t know the location of your smbpasswd file you can search using the following command, find / -name smbpasswd
To get the information out use the command cat /etc/samba/smbpasswd >> filename.txt
This will produce a txt file you can then copy from your Samba server and import into excel, the data is separated by a : on my export. The passwords are encrypted but it will give you a list of users.
Now you have remote ssh working you may find WinSCP is useful, although I mainly use putty.
Also you could try installing Webmin to help with the administration, as it would give you a GUI interface.
I couldn't put links in to the software as its my 1st post but a google will bring them up
Hope the above helps.
The issue is that I am new and trying to make a good impression, I could just reset all the passwords, assuming I can figure out how (easy if they are linux system users) but the other issue is that they are all on holiday at the moment so it would boot them from their webmail. I also have to figure out how to enable imap so that I can copy their existing emails out and into exchange using exmerge but that is a battle for after I have figured out the passwords.
Originally Posted by dhicks
Thanks, a very useful first post and welcome to the forum. I'm not sure if the users are actually stored in the smb password file as it uses the tdb format, my current plan of action is to check if the smb users exist on the linux system by using the "id username" comand and then if they do copying the \etc\passwd and \etc\shadow files onto a usb key and then finding the fastest machine that I can find and bashing the with the Jack the Ripper software in the hopes that I can recover a bunch of them and only have to reset a few.
Originally Posted by richieh
I had to give it up after a couple of hours of trying today as I could feel myself burning out, both in the temperature sense given the 32 degree C heat in the office and the career ending burnt out nurons sense.
Thanks both for your help and I will continue to post my progress.