sync passwords

Ulrich Kohlhase Ulrich.Kohlhase at t-online.de
Fri Sep 28 10:12:55 GMT 2001


Dominic,

you may want to use a script similar to the one appended below. This script
needs Perl and a (very) small adjustment in Samba's source file
"chgpasswd.c"; please have a look at the commented lines.

Good luck,
Ulrich Kohlhase


----------------------------------------------------
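#!/usr/bin/perl
#
# in smb.conf (yes, it's a dot in passwd chat !):
#  passwd program = /usr/bin/perl /usr/local/samba/lib/chgpasswd.pl %u %n
#  passwd chat = .
#  unix password sync = Yes
#
# in $PATH_TO_SAMBA_SOURCE/source/smbd/chgpasswd.c:
#  pstring_sub(passwordprogram, "%u", name);
#  add this new line:
#  pstring_sub(passwordprogram, "%n", newpass);
#
# note: %n puts the new password on this script's command line, where it is
# visible in the process list while the script runs.
#
use strict;
use warnings;
use Time::localtime;

my ($username, $newpass) = @ARGV;
die "usage: chgpasswd.pl user newpass\n"
    unless defined $username && defined $newpass;

# chpasswd reads "user:password" lines, so refuse input that would add a
# second record or shift the field separator:
die "invalid characters in username or password\n"
    if $username =~ /[:\r\n]/ || $newpass =~ /[\r\n]/;

# logging stuff:
my $tm = localtime();
my $datestring = sprintf "%02d.%02d.%04d",
    $tm->mday, $tm->mon + 1, $tm->year + 1900;
my $logfilename = "/usr/local/samba/var/pass.log";

# change password in /etc/shadow without interaction; the pair is written
# to chpasswd's stdin, so it never passes through a shell:
open(my $chpasswd, '|-', '/usr/sbin/chpasswd')
    or die "cannot run chpasswd: $!\n";
print $chpasswd "$username:$newpass\n";
my $ok = close($chpasswd);    # false if chpasswd exited non-zero

my $logtext = sprintf "User \"%s\" %s changing password \"***\" ... ",
    $username, $ok ? "succeeded" : "failed";
open(my $logfile, '>>', $logfilename)
    or die "cannot open $logfilename: $!\n";
printf $logfile "%s - %02d:%02d:%02d : %s \n", $datestring,
    $tm->hour, $tm->min, $tm->sec, $logtext;
close($logfile);
exit 1 unless $ok;

# change password in NIS DB
system("make -C /var/yp >> /dev/null");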
------------------------------------------------

> Hi all,
> I have managed to make smbpasswd update both unix NIS passwords
> and smb-passwords. Only that the price is a big security hole!
> yppasswd needs the root password! So I have changed the chat in smb.conf
> to include the root password in clear text.

>  smb passwd file = /usr/local/samba/private/smbpasswd
>  unix password sync = yes
>  passwd program = /usr/bin/yppasswd %u
>  passwd chat = *NIS* <root password>\n *NIS* %n\n *new* %n\n *changed*
>  encrypt passwords = yes
> Now this has worked, but really not acceptable, since smb.conf must be
> readable by everyone! So the root password can be read by anyone!

> Does anyone know how to go around this?
> Thanks a bunch






More information about the samba-ntdom mailing list