Sync Passwords

Andrew Perrin - Demography aperrin at demog.Berkeley.EDU
Wed Jun 9 18:24:49 GMT 1999 

I would very much appreciate seeing this NT-compiled smbpasswd, and
possibly using it. Would you be willing to share it?

Thanks,
Andy Perrin 

---------------------------------------------------------------------
Andrew J. Perrin - aperrin at demog.berkeley.edu - NT/Unix Admin/Support
Department of Demography    -    University of California at Berkeley
2232 Piedmont Avenue #2120  -    Berkeley, California, 94720-2120 USA
http://demog.berkeley.edu/~aperrin --------------------------SEIU1199

On Wed, 9 Jun 1999, Colin Higgs wrote:

> > The passwd sync system works (and has done so for some time), however it
> > has a problem in that it does not report to a user why it failed to change
> > a passwd. As most systems around these days have pretty strict rules about
> > what a legal passwd is (ie not a recognised word or part thereof) most
> > people find that their first (and more) attempts to set a password fail.
> > Samba does not go ahead when passwd fails but the message that passwd
> > generates is not shown to the user. The user is told that the passwd / user
> > name combination is unacceptable and the user assumes that it is their
> > origional password is wrong.
> > 
> > I have many angry users who complain that they are being told that their
> > 'old' password is wrong when in fact, the problem is that their new
> > password is not good enough.
> 
> If you have winpopup enabled you can have samba send messages back to
> the client using smbclient. For example:
> 
> In smb.conf:
> # %u = user
> # %m = client machine
> passwd program = mypwdchanger %u %m
> 
> In mypwdchanger (sh syntax):
> #!/bin/sh
> $USER=$1
> $CLIENT=$2
> 
> #The prompt below should match your passwd chat
> echo SOMEPROMPT
> read newpass
> error=`checkpasswdforstupidthings $USER << EOF
> $newpass
> EOF`
> cracked=$?
> 
> ##write "checkpasswdforstupidthings" to return 0
> ##if $newpass is good
> 
> if [ $cracked -ne 0 ] ; then
> #bad passwd - send a message
> smbclient -U "Password Checker" -M $CLIENT > /dev/null << EOF
> Your password was not changed.
> Message from the password program:
> 
> $error
> EOF
> exit 1
> fi
> 
> #The password was good - change the password
> /bin/passwd $USER
> exit $?
> 
> One final note: On NT machines, if you use <ctrl> + <alt> + <del> to go
> on to change your password then you will not see winpopup messages :-(
> since they go to the usual desktop and not the "switched" screen
> (applogies for the bad terminology here - I am not an NT expert). I
> solved this problem by compiling smbpasswd for win32 and using that to
> change passwords instead (with a tk/tcl wrapper).
> 
> 
> -- 
> Colin Higgs,
> Chemical Engineering
> University of Edinburgh                 Email:  colin.higgs at ed.ac.uk
> King's Buildings, Mayfield Road,        Tel:    +44 (0)131 6508557
> Edinburgh, Scotland, EH9 3JL            Fax:    +44 (0)131 6506551
>

More information about the samba-ntdom mailing list