Samba4: Changing a user's passwd via LDAP
Michael Wood
esiotrot at gmail.com
Fri Aug 20 10:01:16 MDT 2010
Hi Luk
On 20 August 2010 16:32, Michael Wood <esiotrot at gmail.com> wrote:
> Hi Lukasz
>
> On 20 August 2010 15:42, Lukasz Zalewski <lukas at dcs.qmul.ac.uk> wrote:
>> On 08/20/2010 12:57 PM, Michael Wood wrote:
>>> I need to provide a web-based interface for users to change their
>>> passwords in Samba4. Is LDAP the best option?
> [...]
>>> I would appreciate any suggestions for how to do this, preferably from
>>> Python, or if LDAP is not the best way, then I would appreciate it if
>>> you could let me know what the best way is.
> [...]
>> I have managed to set the password using ldap interface as an admin user and
>> as normal user. Attached is proof-of-concept python script that allows you
>> to do the password change as an admin (--set_password_asadmin) or as a user
>> (--set_password_asuser)
>> the script assumes that you have got the appropriate krb ticket before its
>> run
>
> Thanks. I'll have a look at it now.
OK, I figured out what was wrong.
I was trying it over a non-secure connection to localhost, and since
it worked for an admin user, I did not suspect that that was the
problem.
Once I used gssapi it started working for the normal user too.
Thanks again, Luk, your script was useful for seeing how to do the
SASL authentication. Not I just need to figure out how best to do
that from a CGI script or something along those lines :)
P.S. It seems that if Samba is going to block password changes over
insecure connections for non-admin users, it should probably do so for
admin users too, shouldn't it?
--
Michael Wood <esiotrot at gmail.com>
More information about the samba-technical
mailing list