I'm trying to set up our mail server as part of a single-sign-on environment with Samba 3.0.24 as PDC. I'm following Greg's instructions from the wiki, and I've got it set up to a point where I can attach a Windows XP machine to the domain and log in using a Zimbra account set up after the zimbra_samba and zimbra_posixaccount extensions were installed. However, I'd like to be able to bulk provision my existing users (i.e. those who were set up before the extensions were installed) without having to ask each and every one of them to reset their password.

Looking at the LDAP, I see an encrypted "userPassword" field for these users. I also see an encrypted "sambaNTPassword" field, and unfortunately they are not one and the same. I don't suppose there's a nifty little numerical trick that will transform the one into the other, is there?