[Samba] Difficulties retrieving randomly assigned password for newly created Samba user accounts
Stephen
stephen at ogdenradar.com
Mon Apr 29 10:04:56 UTC 2019
Okay, thanks everyone. After I posted I eventually found an answer to my
question. Basically, I was doing things wrong here, and the
--random-password switch to samba-tool is not intended to be used with
user accounts at all - it's actually intended to be used with system
accounts only. By design it seems it doesn't report back on the random
password that is set.
Previously from Rowland in 2015:
"The whole idea of --random-password is to create a random password for
users that *don't* really need a password i.e. system services.
If you want random passwords for users, then either use one of the many
password generators you can find on the internet, or write your own script."
Thanks
Stephen Ellwood
On 29/04/2019 10:34, L.P.H. van Belle via samba wrote:
>
> What the password is, is in the output on your screen, if not, then script it.
>
> kinit Administrator
>
> # function random password.
> RANDOMPASSWD(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo; }
>
> # Pull a random into USERPASS
> USERPASS="$(RANDOMPASSWD)"
>
> # And create your user.
> sudo samba-tool user create "$USERNAME" --given-name="$GIVENNAME" --surname="$SURNAME" \
> --mail-address="$EMAIL" --company="$COMPANY" --password="$USERPASS" --must-change-at-next-login \
> --nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" \
> --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" \
> --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" \
> --gid-number=10000 -k
>
> echo "$USERNAME:${USERPASS}" >> new-users.txt
>
> Something like that.
>
> Greetz,
>
> Louis
>
>
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Stephen via samba
>> Sent: Monday 29 April 2019 11:11
>> To: samba at lists.samba.org
>> Subject: [Samba] Difficulties retrieving randomly assigned
>> password for newly created Samba user accounts
>>
>> Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to
>> the help offered by everyone here I now finally have a mostly-working
>> Active Directory network.
>> I am now at the stage of creating individual user accounts for my
>> domain and unfortunately I have a very basic but fundamental problem! I
>> currently enter the following input at the command-line to create a new
>> user on my DC:
>>
>> pi at ad1:~ $ sudo samba-tool user create "$USERNAME"
>> --given-name="$GIVENNAME" --surname="$SURNAME"
>> --mail-address="$EMAIL"
>> --company="$COMPANY" --random-password --must-change-at-next-login
>> --nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH"
>> --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH"
>> --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER"
>> --gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD"
>> User 'stephenellwood' created successfully
>>
>> After entering this, you see I get a confirmation prompt indicating my
>> user was created. When I hop onto my domain fileserver, I can see the
>> new user, and this gives me additional confidence this has actually been
>> created:
>>
>> pi at fs1:~ $ wbinfo -u
>> stephenellwood
>> administrator
>> krbtgt
>> guest
>>
>> In the switches passed to samba-tool previously you will see that I have
>> requested both a *random password* and that *this must be changed at
>> the next login*. Crucially though, how do I find out what
>> stephenellwood's randomly assigned password actually is so I can login
>> to this account for the first time? Without this I am stuck - I have a
>> new user account with an unknown randomised password and thus
>> cannot login.
>>
>> Ultimately since I couldn't retrieve the random password for
>> stephenellwood I then attempted to reset stephenellwood's password
>> manually myself to a known string value using samba-tool. Unfortunately
>> this also didn't seem to work:
>>
>> sudo samba-tool user password --newpassword="$NEWPASSWORD" -U
>> "Administrator"
>> Password for [OSSL\Administrator]:
>> ERROR: Failed to change password : (-1073741716,
>> "samr_ChangePasswordUser3 for 'OSSL\\Administrator' failed:
>> NT_STATUS_PASSWORD_RESTRICTION")
>>
>> I would really appreciate any help and advice anybody can offer
>> regarding this matter as I am now stuck at this point :)
>>
>> Thanks
>> Stephen Ellwood
>
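Added example (not part of the original thread and not Samba project code): a hardened variant of the generate-then-create approach from the quoted reply, which checks the generated password for character classes and keeps the recorded credentials owner-readable only. The function names, the upper/lower/digit check and the default file name are assumptions; the password is passed as the positional argument of `samba-tool user create`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the complexity
# rule (upper + lower + digit present) are assumptions for illustration.

# gen_password [LEN]: print LEN (default 16, minimum 3) characters drawn
# from /dev/urandom, limited to A-Z a-z 0-9 _ - as in the reply above.
gen_password() {
    len=${1:-16}
    [ "$len" -ge 3 ] || return 1      # three classes need three characters
    while :; do
        # Read a bounded number of bytes so nothing relies on SIGPIPE.
        pw=$(head -c "$((len * 8))" /dev/urandom |
             LC_ALL=C tr -dc 'A-Za-z0-9_-' | head -c "$len")
        [ "${#pw}" -eq "$len" ] || continue       # too few usable bytes
        case $pw in *[[:upper:]]*) ;; *) continue ;; esac
        case $pw in *[[:lower:]]*) ;; *) continue ;; esac
        case $pw in *[[:digit:]]*) ;; *) continue ;; esac
        printf '%s\n' "$pw"
        return 0
    done
}

# record_credential FILE USER PASS: append "user:pass" to FILE and make
# sure only the owner can read it (it holds cleartext passwords).
record_credential() {
    ( umask 077; printf '%s:%s\n' "$2" "$3" >> "$1" ) || return 1
    chmod 600 "$1"
}

# new_user USERNAME [FILE]: create the account with a generated initial
# password and record it only if samba-tool succeeded. The password is
# on the command line, so it is briefly visible in the process list.
new_user() {
    user=$1
    out=${2:-new-users.txt}
    pass=$(gen_password 16) || return 1
    samba-tool user create "$user" "$pass" --must-change-at-next-login || return 1
    record_credential "$out" "$user" "$pass"
}

# Usage on the DC, as root:  new_user stephenellwood
```

Delete the credentials file once each user has completed the forced password change.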