[Samba] Compiling within Samba Source-Tree

Rowland Penny rpenny at samba.org
Sun Oct 15 13:24:02 UTC 2023 

On Sun, 15 Oct 2023 14:36:25 +0200
Peter Koch via samba <samba at lists.samba.org> wrote:

> Dear Rowland:
> 
> Am 15.10.2023 um 10:54 schrieb Rowland Penny via samba:
> >> Dear Samba-experts:
> >>
> >> we migrated from Samba 3.6 to 4.18 and everything works well.
> > I remember this, didn't you have a problem with the SID ?
> 
> Yes, that was me. I migrated a Samba3 server from a Solaris Sparc
> machine to an Intel machine and it lasted quite some time until
> I realized that all my problems were caused by the different
> byte ordering of those two machines
> 
> >> But there are two problems where I need some expert-help:
> >>
> >> We are using a daemon that is running on our AD-server. It accepts
> >> connections from remote machines and changes the passwords of
> >> certain users.
> > What users ?
> > AD users or local users on a non domain joined computer ?
> > If they are AD users, then you probably shouldn't be using smbpasswd
> > and if they are local users on a non domain computer, then they
> > probably shouldn't be in AD or you should be using something like:
> 
> All our users are stored within the AD. We offer some kind of
> self-service for users that fogot their password. If they can prove
> their identity by using their employee smart card they can open
> a SSL-connection with a daemon that is running on our AD.
> The daemon will accept the SSL connection only if a client
> certificate was used. The daemon will then change the users
> password, so it's doing almost the same thing that
> "smbpasswd user" would be doing if started by root on the AD.
> That's why I used smbpasswd.c as a starting point.
> 
> The Samba3-version of that daemon worked well for almost
> 20 years
> 

You might want to come up to date and use samba-tool instead of
smbpasswd, that would mean that you wouldn't have to keep altering the
source code.

There are two options:
samba-tool user password
samba-tool user setpassword

The first one runs as root and will set a users AD password, the second
allows a user to change their own password and requires the old and new
passwords. Just add ' --help' to the two commands above to get further
details. 

Rowland

More information about the samba mailing list