[SAMBA4] Help wanted: utility to set password properties

Johannes johannes_samba at aon.at
Mon Feb 2 18:23:03 GMT 2009


hi andrew,

i already made some tests with python and samba4,
but on my last question on RPC & LSA-strings nobody I got no answere.

anyway, the script you are talking about should work only as user root
by manipulating the LDAP entries on the server.
is this correct?

my passwd-change i tested first (for smbpasswd replacement in samba4)
was also working in the way, but of couse only with user root.

with changing entries on the LPAD i think i could handle it,
it this what you think about?

BR johannes


> Samba4 needs a small python script, and I figured I might as well ask
> the list to write it :-)
>
> We currently have utilities in source4/setup such as newuser,
> setpassword and setexpiry.
>
> However, we need a utility to manipulate the password properties, such
> as minPwdAge, maxPwdAge, minPwdLength and pwdProperties.  These are
> found in the basedn of the domain (ie DC=samba,DC=org).
>
> pwdProperties in particular is a bitmask, defined as:
>
> 	/* password properties flags */
> 	typedef [public,bitmap32bit] bitmap {
> 		DOMAIN_PASSWORD_COMPLEX		= 0x00000001,
> 		DOMAIN_PASSWORD_NO_ANON_CHANGE  = 0x00000002,
> 		DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004,
> 		DOMAIN_PASSWORD_LOCKOUT_ADMINS  = 0x00000008,
> 		DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010,
> 		DOMAIN_REFUSE_PASSWORD_CHANGE   = 0x00000020
> 	} samr_PasswordProperties;
>
> I need a new script to make it easier for administrators to set their
> domain to not enforce complex passwords (in particular), and to set the
> other flags.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.
>




More information about the samba-technical mailing list