Sync Passwords

Colin Higgs colin.higgs at ed.ac.uk
Wed Jun 9 10:01:19 GMT 1999


> The passwd sync system works (and has done so for some time), however it
> has a problem in that it does not report to a user why it failed to change
> a passwd. As most systems around these days have pretty strict rules about
> what a legal passwd is (ie not a recognised word or part thereof) most
> people find that their first (and more) attempts to set a password fail.
> Samba does not go ahead when passwd fails but the message that passwd
> generates is not shown to the user. The user is told that the passwd / user
> name combination is unacceptable and the user assumes that it is their
> origional password is wrong.
> 
> I have many angry users who complain that they are being told that their
> 'old' password is wrong when in fact, the problem is that their new
> password is not good enough.

If you have winpopup enabled you can have samba send messages back to
the client using smbclient. For example:

In smb.conf:
# %u = user
# %m = client machine
passwd program = mypwdchanger %u %m

In mypwdchanger (sh syntax):
#!/bin/sh
$USER=$1
$CLIENT=$2

#The prompt below should match your passwd chat
echo SOMEPROMPT
read newpass
error=`checkpasswdforstupidthings $USER << EOF
$newpass
EOF`
cracked=$?

##write "checkpasswdforstupidthings" to return 0
##if $newpass is good

if [ $cracked -ne 0 ] ; then
#bad passwd - send a message
smbclient -U "Password Checker" -M $CLIENT > /dev/null << EOF
Your password was not changed.
Message from the password program:

$error
EOF
exit 1
fi

#The password was good - change the password
/bin/passwd $USER
exit $?

One final note: On NT machines, if you use <ctrl> + <alt> + <del> to go
on to change your password then you will not see winpopup messages :-(
since they go to the usual desktop and not the "switched" screen
(applogies for the bad terminology here - I am not an NT expert). I
solved this problem by compiling smbpasswd for win32 and using that to
change passwords instead (with a tk/tcl wrapper).


-- 
Colin Higgs,
Chemical Engineering
University of Edinburgh                 Email:  colin.higgs at ed.ac.uk
King's Buildings, Mayfield Road,        Tel:    +44 (0)131 6508557
Edinburgh, Scotland, EH9 3JL            Fax:    +44 (0)131 6506551


More information about the samba-ntdom mailing list