sync passwords
Ulrich Kohlhase
Ulrich.Kohlhase at t-online.de
Fri Sep 28 10:12:55 GMT 2001
Dominic,
you may want to use a script similar to the one appended below. This script
needs perl and a (very) small adjustment in Samba's source file
"chgpasswd.c", please have a look at the commented lines.
Good luck,
Ulrich Kohlhase
----------------------------------------------------
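#!/usr/bin/perl
#
# in smb.conf (yes, it's a dot in passwd chat !):
# passwd program = /usr/bin/perl /usr/local/samba/lib/chgpasswd.pl %u %n
# passwd chat = .
# unix password sync = Yes
#
# in $PATH_TO_SAMBA_SOURCE/source/smbd/chgpasswd.c:
# pstring_sub(passwordprogram, "%u", name);
# add this new line:
# pstring_sub(passwordprogram, "%n", newpass);
#
use strict;
use warnings;
use Time::localtime;
# note: %n places the new password in this script's argument list
my ($username, $newpass) = @ARGV;
die "usage: chgpasswd.pl user newpass\n"
    unless defined $username && defined $newpass;
# chpasswd reads "user:password" lines, so refuse input that would break
# that format or smuggle in a second line:
die "invalid username\n" if $username eq '' || $username =~ /[:\r\n]/;
die "invalid password\n" if $newpass =~ /[\r\n]/;
# logging stuff:
my $tm = localtime();
my $datestring = sprintf "%02d.%02d.%04d", $tm->mday, $tm->mon + 1, $tm->year + 1900;
my $logfilename = "/usr/local/samba/var/pass.log";
# change password in /etc/shadow without interaction; write to chpasswd's
# stdin directly so the password is never interpreted by a shell:
open(my $chpasswd, '|-', '/usr/sbin/chpasswd') or die "cannot run chpasswd: $!\n";
print $chpasswd "$username:$newpass\n";
my $ok = close($chpasswd);    # false if chpasswd exited non-zero
my $logtext = sprintf "User \"%s\" %s changing password \"***\" ... ",
    $username, $ok ? "succeeded" : "failed";
if (open(my $logfile, '>>', $logfilename)) {
    printf $logfile "%s - %02d:%02d:%02d : %s \n", $datestring,
        $tm->hour, $tm->min, $tm->sec, $logtext;
    close $logfile;
}
exit 1 unless $ok;
# change password in NIS DB
system("make -C /var/yp >> /dev/null");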
------------------------------------------------
> Hi all,
> I have managed to make smbpasswd update both unix NIS passwords
> and smb-passwords. Only that the price is a big security hole!
> yppasswd needs the root password! So I have changed the chat in smb.conf
> to include the root password in clear text.
> smb passwd file = /usr/local/samba/private/smbpasswd
> unix password sync = yes
> passwd program = /usr/bin/yppasswd %u
> passwd chat = *NIS* <root password>\n *NIS* %n\n *new* %n\n *changed*
> encrypt passwords = yes
> Now this has worked, but really not acceptable, since smb.conf must be
> readable by everyone! So the root password can be read by anyone!
> Does anyone know how to go around this?
> Thanks a bunch
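An added example, not part of the original thread or of Samba: a small smb.conf check that flags the two exposures discussed above, a literal secret in a "passwd chat" send string and the new password passed via %n on the "passwd program" command line. The sample configurations are constructed from the settings quoted in this thread, with a placeholder in place of the root password, and the function names are hypothetical.

```python
import re
import shlex

# Constructed samples: the two configurations discussed in this thread.
SAMPLE_YPPASSWD = r"""
[global]
unix password sync = yes
passwd program = /usr/bin/yppasswd %u
passwd chat = *NIS* CONSTRUCTED-ROOT-SECRET\n *NIS* %n\n *new* %n\n *changed*
"""
SAMPLE_ARGV = r"""
[global]
unix password sync = Yes
passwd program = /usr/bin/perl /usr/local/samba/lib/chgpasswd.pl %u %n
passwd chat = .
"""

def parse_params(text):
    """Return smb.conf parameters as {name: value}; names are lowercased."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[" ".join(name.lower().split())] = value.strip()
    return params

def audit(text):
    """Flag passwords that end up in smb.conf or in process arguments."""
    findings = []
    p = parse_params(text)
    # %n in passwd program puts the new password on a command line.
    if "%n" in p.get("passwd program", ""):
        findings.append("passwd program: password macro on command line")
    # passwd chat alternates expect/send strings. A send string should hold
    # only the %o/%n macros and escapes such as \n, never literal text.
    tokens = shlex.split(p.get("passwd chat", ""), posix=False)
    for send in tokens[1::2]:
        literal = re.sub(r"%[on]|\\[nrts]", "", send.strip('"'))
        if literal:
            findings.append("passwd chat: literal send string (hardcoded secret?)")
    return findings

if __name__ == "__main__":
    for name, conf in (("yppasswd", SAMPLE_YPPASSWD), ("argv", SAMPLE_ARGV)):
        print(name, audit(conf))
```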