Возникла серьёзная проблема.
При миграции с Windows NT, после выполнения net rpc vampire,
у пользователей поля sambaNTPassword и sambaLMPassword содержат ХХХ.
Samba 3.0.11. Скрипты от idealx — последние.
Если вручную вызвать smbldap-passwd user, то поля прописываются.
В LDAP на всякий пожарный разрешил всё всем.
Если использовать tdbsam, тогда всё пучком :(
smb.conf
=================
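# Samba domain-controller settings with accounts stored in LDAP (ldapsam) and
# account management delegated to the smbldap-* scripts.
# Each parameter sits on its own line: smbd reads a value up to the end of the
# line, so two parameters sharing a line are parsed as one (invalid) value.
[global]
workgroup = AAA
netbios name = AAA-180
server string = AAA PDC Samba
security = user
encrypt passwords = Yes
obey pam restrictions = No
# Prompts expected from the passwd program when syncing the Unix password.
# NOTE(review): the trailing quote looks unbalanced - confirm against the
# prompts smbldap-passwd actually prints.
passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 2
syslog = 0
# One log file per client machine name (%m).
log file = /var/log/samba/log.%m
max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
# Dos charset = 850
# Unix charset = ISO8859-1
logon path = \\%L\profiles\%U
logon home = \\%L\%U\.profile
logon drive = P:
logon script = scripts\logon.bat
domain logons = Yes
os level = 65
preferred master = Yes
domain master = no
# passdb backend = tdbsam
# Account database lives in the LDAP server on the loopback interface.
passdb backend = ldapsam:ldap://127.0.0.1/
ldap filter = (&(objectclass=sambaSamAccount)(uid=%u))
# Samba binds to the directory as this DN.
# NOTE(review): cn=Manager looks like the directory's root DN; a dedicated
# account with ACLs limited to the Samba subtrees would be least privilege.
ldap admin dn = cn=Manager,o=org
ldap suffix = ou=Moscow,o=org
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Users
# Unencrypted LDAP: the bind password and the password hashes cross this
# connection in clear text. Tolerable only while the server is 127.0.0.1;
# switch to "start tls" if the directory ever moves to another host.
ldap ssl = off
passwd program = /var/lib/samba/sbin/smbldap-passwd '%u'
ldap password sync = Yes
unix password sync = Yes
# Tried without -a here, but the result was completely broken :( and
# the group had to be specified by hand.
add user script = /var/lib/samba/sbin/smbldap-useradd -a -g "513" '%u'
ldap delete dn = Yes
delete user script = /var/lib/samba/sbin/smbldap-userdel '%u'
add machine script = /var/lib/samba/sbin/smbldap-useradd -w '%u'
add group script = /var/lib/samba/sbin/smbldap-groupadd -p '%g'
delete group script = /var/lib/samba/sbin/smbldap-groupdel '%g'
add user to group script = /var/lib/samba/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /var/lib/samba/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /var/lib/samba/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
printer admin = @"Print Operators"
load printers = no
create mask = 0640
directory mask = 0750
nt acl support = No
printing = cups
deadtime = 10
# Logins with an unknown user name are mapped to the guest account instead of
# being rejected; they reach only shares that set "guest ok = Yes".
guest account = nobody
map to guest = Bad User
dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
show add printer wizard = yes
; to maintain capital letters in shortcuts in any of the profile folders:
preserve case = yes
short preserve case = yes
case sensitive = no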
# Per-user home directory share, writable and hidden from browse lists.
[homes]
comment = Home directory %U, %u
read only = No
# Upper bounds on the permission bits of newly created entries:
# files up to rw-r--r--, directories up to rwxrwxr-x.
# NOTE(review): this leaves new files readable by other accounts, while
# [profiles] uses 0600/0700 - confirm the looser setting is intended.
create mask = 0644
directory mask = 0775
browseable = No
# Logon-script share, read-only over SMB and hidden from browse lists.
# The "logon script" value in [global] is a path relative to this share.
# NOTE(review): scripts stored here run on clients at logon, so write access
# to this directory on the server itself should stay with administrators.
[netlogon]
path = /var/lib/samba/netlogon/
browseable = No
read only = yes
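# Roaming-profile share referenced by "logon path" in [global].
[profiles]
path = /var/lib/samba/profiles
read only = no
# New profile files and directories are accessible to their owner only.
create mask = 0600
directory mask = 0700
browseable = No
# Profiles hold per-user data and are only used by authenticated domain
# users, so guest connections are refused here. With "map to guest = Bad User"
# in [global], "guest ok = Yes" would let unauthenticated sessions reach
# this share.
guest ok = No
profile acls = yes
csc policy = disable
# next line is a great way to secure the profiles
force user = %U
# next line allows administrator to access all profiles
# NOTE(review): "Domain Admins" has no @ prefix, so Samba treats it as a user
# name rather than a group, and %U already matches the connecting user -
# confirm this list restricts what it is meant to.
valid users = %U "Domain Admins"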