[Samba] Re: Password Aging Policies - SAMBA
richard
rcoates at bigpond.net.au
Sat Apr 5 15:26:26 GMT 2003
Eyal, I cc this email to the list so others may contribute...
below are some simple password history scripting ideas i fiddled with a
while ago. It runs from command line with username as argument.. (Maybe
others have better ideas??)
I found little useful info on the web or in lists.
Not sure of the best way to interface/wrap with smbpasswd?
problem--There doesen't seem to be a (samba)mechanism to communicate
errors/feedback to clients....Samba3 may have this ability sometime in
the future?
Or..Xp-pro has lots of fancy user/pass/stuff already builtin, trouble
is you need group-policy/active-directory to make use of them. Unless
parts of A/D can be duplicated in samba one day?
Local-policies(xp-pro) as far as user/password stuff goes, work fine in
a workgroup environment. You can use xp built in security tools
here.Supposedly its possible for local security policy(xp-pro) to apply
in a samba domain, but I couldn't get password stuff to work. This is
what I have found after many hours searching/testing. I hope others will
jump in with their contributions. script below to play with, regards,
Richard Coates.
#!/bin/sh
# samba TESTING password history script Jan 2003, R.Coates
# could use encrypted hash from smbpasswd file instead of plain text
# change vars to suit
#mypath=/etc/samba # redhat path to samba config
mypath=/root # test path
hist=5 # number of passwords to keep
user=$1 # username ;passwd as 1st argument
# setup check; does "history" exist; create, set permissions
if ! [ -d $mypath/history >/dev/null ] ;then
mkdir $mypath/history
chmod 600 $mypath/history
fi
# at sambapassword change
# 1: new password is compared to history
# 2: if matched, error messg sent to user, retry
# ** problem **
# 3: if not matched
# new password appended to "history file"
# execute smbpasswd -a newpasswd to update samba password
# 4: history file truncated to "n" most recent entries
echo "enter newpassword"
read newpass
read newpass1
if ` grep $newpass $mypath/history/$user >/dev/null`;then
echo "password in recent history..try again"
else echo $newpass >> $mypath/history/$user # update history
echo $newpass > $mypath/history/tmp # write tmp password file
echo $newpass1 >> $mypath/history/tmp
tail -$hist $mypath/history/$user > $mypath/history/$user.tmp #
truncate history
mv -f $mypath/history/$user.tmp $mypath/history/$user
#execute smbpasswd -a here
smbpasswd -s -a $user < $mypath/history/tmp # update samba password
from tmp file
rm -f $mypath/history/tmp >/dev/null # remove tmp password
file
fi
On Sat, 2003-04-05 at 01:07, EyalM at cardonhealthcare.com wrote:
> My scripting knowledge is good, but i dont know where to look in. do you
> have any idea where to start?
>
>
>
>
>
> Eyal Marantenboim <eyal at eyal.com.ar>
> 04/04/2003 07:14
>
>
> To: eyalm at cardonhealthcare.com
> cc:
> Subject: Fwd: Re: [Samba] Re: Password Aging Policies - SAMBA
>
>
> >Subject: Re: [Samba] Re: Password Aging Policies - SAMBA
> >From: richard <rcoates at bigpond.net.au>
> >To: Eyal M <eyal at eyal.com.ar>
> >Date: 04 Apr 2003 08:27:01 +1000
> >
> >I am also... have been for months and have found zip. hows your
> >scripting knowledge?
> >Richard.
> >
> >On Fri, 2003-04-04 at 08:57, Eyal M wrote:
> >> Im looking for a solution to password aging, do u know where I can get
> one?
> >>
> >> Eyal.
> >>
> >> <ascannel at fws.gov> wrote in message
> >> news:OFEEB22D6F.70D864FE-ON89256CFD.007470D9-89256CFD.00755439 at irm.r9.fws.go
> >> v...
> >> >
> >> >
> >> > >I am sorry if this is a lame question, but I am setting up a
> Primary
> >> > Domain Controller and a Backup Domain Controller. All the clients
> are
> >> > Windows >2K or XP. I need the clients to reset their passwords every
> 30
> >> > days. I am having a hard time locating a procedure to set this
> feature.
> >> > LINUX has >'chage' but that does not seem to apply to SAMBA.
> >> >
> >> > Samba 2.x does not have this built in. Looks like Samba 3.0 will
> have
> >> this
> >> > as a feature. For now you get to do it yourself. If you check the
> >> > archives you'll find a number of homebrew solutions to password
> aging.
> >> >
> >> > Patrick
> >> >
> >> >
> >> >
> >> >
> >> >
> >> > --
> >> > To unsubscribe from this list go to the following URL and read the
> >> > instructions: http://lists.samba.org/mailman/listinfo/samba
> >> >
> >>
> >>
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: http://lists.samba.org/mailman/listinfo/samba
>
>
>
More information about the samba
mailing list