0

I'm attempting to export my samba users and then import them (the ultimate goal is to do this between machines, but right now I just want to do the one test user on my newly installed server). I've created the user 'testuser' and done smbpasswd -a on it, and the user works (I can access it's home directory using samba).

pdbedit -e smbpasswd:test.export

gives me the file:

testuser:1:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:7B90AA08B1243A36E6BD19232DD334F7:[U          ]:LCT-62BAFB03:

Which surely looks to me like it has a password hash in it. I then delete the samba user (smbpasswd -x testuser), and try to import:

pdbedit -i smbpasswd:test.export

Which gives no output, and doesn't import the user.

pdbedit -i smbpasswd:test.export -d10

gives

export_database: username="(NULL)"
startsmbfilepwent_internal: opening file test.export
getsmbfilepwent: LM password for user testuser invalidated
getsmbfilepwent: returning passwd entry for user testuser, uid 1
Finding user testuser
Trying _Get_Pwnam(), username as lowercase is testuser
Get_Pwnam_internals did find user [testuser]!
pdb_set_username: setting username testuser, was
pdb_set_full_name: setting full name , was
pdb_set_domain: setting domain BRAIN3, was
pdb_set_profile_path: setting profile path \\BRAIN3\testuser\profile, was
pdb_set_homedir: setting home dir \\BRAIN3\testuser, was
pdb_set_dir_drive: setting dir drive , was NULL
pdb_set_logon_script: setting logon script , was
pdb_set_user_sid: setting user sid S-1-5-21-1587438053-288431040-2563487571-3000
pdb_set_user_sid_from_rid:
        setting user sid S-1-5-21-1587438053-288431040-2563487571-3000 from rid 3000
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
Processing account testuser
smbpasswd_getsampwrid: search by sid: S-1-5-21-1587438053-288431040-2563487571-3000
startsmbfilepwent_internal: opening file test.export
getsmbfilepwent: LM password for user testuser invalidated
getsmbfilepwent: returning passwd entry for user testuser, uid 1
getsmbfilepwent: end of file reached.
endsmbfilepwent_internal: closed password file.
getsampwsid failed: NT_STATUS_UNSUCCESSFUL

Anyone have any ideas on what I'm doing wrong here? I don't think export the username/pw hashes and then import them is a big ask, but I can't seem to get anywhere with these tools.

Michael Kohne
  • 2,334
  • 1
  • 16
  • 29
  • have you try to copy entire samba password file to new machine? – Romeo Ninov Jun 28 '22 at 13:24
  • we're using tsdbsam as the back-end for passwords, so I could probably try that next. Or I could switch to using smbpasswd as the back end and just copy this file in? Definitely an idea. I'd still like to know why this isn't working - I suspect that there's something fundamental that I don't understand. – Michael Kohne Jun 28 '22 at 17:27

1 Answers1

0

OK, I've worked out what was happening, and worked around it, but I don't understand it one bit.

When I did pdbedit -e the output file was a valid smbpasswd file, but the UID values were NOT the unix UIDs of the users (for instance, in my test above, the unix UID was 1000, the UID in the output was 1). Therefore, when trying to import, the pdbedit -i was unable to make sense of things.

In order to get around the issue, I simply did pdbedit -L -w, which gave me the same output, but with proper unix UIDs. This output file was happily ingested by pdbedit -i on the new system and everything is working fine.

I do NOT understand why the pdbedit -e output wasn't what I needed, nor do I have any idea what the values it was producing might have been. I'd be very happy to know what was going on here, for future reference.

Michael Kohne
  • 2,334
  • 1
  • 16
  • 29