[Samba] passwd program example for parsing new password typed?

Gianluca Cecchi gianluca.cecchi at gmail.com
Wed Sep 6 20:43:11 GMT 2006


On Wed Sep 6 18:58:20 GMT 2006 Logan Shaw wrote:
>That's a little odd to have two sets of accounts that are kept
>identical between two different domains.  But, maybe there is
>a reason for it.

yes. The fact is that I inherited this situation with passwords never
changed (and samba 2 on an old and unmaintained Caldera OpenLinux) and
known by the previous sysadmins.... and I have about 50 users, with
some of them working also on Saturdays and Sundays... with little time
for maintenance operations.
I switched to force password change and its privateness.
So the first step was to have the users do this manually at my seat,
the second now to automatically have them changing it, after migrating
to samba 3.


>No, it uses an Expect-like (not actual Expect, I think)
>script to talk to the passwd program.  The

Ok, thanks.
I set up the script based on your comments and further reading and now
it works great!
Aligning both samba and linux passwd on samba logon server and AD
password on Exchange domain.

The parameter in smb.conf is
passwd program = /usr/local/bin/align_pwd.sh %u
with default "passwd chat" parameter settings.
The draft but working passwd program (align_pwd.sh) on samba PDC is
something like:

#!/bin/bash
USER=$1
echo "New password"
# -r keeps backslashes in the typed password, IFS= keeps leading/trailing blanks
IFS= read -r newpwd1
echo "Retype new password"
IFS= read -r newpwd2
if [ "$newpwd1" != "$newpwd2" ]
then
        echo "Sorry, passwords do not match"
        exit 1
fi
NEWPWD=$newpwd1
export USER NEWPWD
# debug log: record the user name only, never the clear-text password
echo "$USER" > /tmp/ppp
#
# align linux shadow passwd
echo "$NEWPWD" | passwd --stdin "$USER" >> /tmp/ppp 2>&1
#
# align AD passwd
if [ $? -eq 0 ]
then
        FULLNAME=$(pdbedit -Lv "$USER" | grep "^Full Name" | awk '{print $3" "$4}')
        # %q quotes the password for the remote shell, so blanks and shell
        # metacharacters in it arrive as one literal argument
        ssh sambaslack "/root/set_adpwd.sh $FULLNAME $(printf '%q' "$NEWPWD")"
        echo "passwd: all authentication tokens updated successfully"
else
        echo "an error occurred!" >> /tmp/ppp
        exit 1
fi

I still need to watch on monitoring return code on ssh remote shell
script, that takes care of doing the ldapmodify on AD. It is ok if all
goes well. I have to test possible errors that may happen and how to
treat them....
If anyone is interested I can share the set_adpwd.sh script.

Bye,
Gianluca
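
The post leaves the ssh return code as an open item. The sketch below is an added example (not the poster's script and not Samba code) of one way to check it, handing the password to both steps on stdin so it stays out of the remote command line and the log. LOG, LOCAL_SET, REMOTE_SET and /root/set_adpwd_stdin.sh are assumed names; the host sambaslack and the prompt strings are taken from the post.

```shell
#!/bin/sh
# Added example, not the poster's align_pwd.sh. LOG, LOCAL_SET, REMOTE_SET and
# /root/set_adpwd_stdin.sh are hypothetical names; each setter is assumed to
# read the new password from stdin.
LOG=${LOG:-/var/log/align_pwd.log}
LOCAL_SET=${LOCAL_SET:-set_local}
REMOTE_SET=${REMOTE_SET:-set_remote}

note() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; }
set_local()  { passwd --stdin "$1" >/dev/null 2>&1; }
# ssh exits 255 when the connection itself fails, otherwise with the remote
# command's exit status.
set_remote() { ssh -o BatchMode=yes sambaslack /root/set_adpwd_stdin.sh "$1"; }

# Subshell body: the password variables do not outlive the call.
# Returns 0 ok, 1 rejected input, 2 local change failed, 3 remote change failed.
align_password() (
    user=$1
    # The name is later expanded by a remote shell: allow a safe set only.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) note "rejected user name"; return 1 ;;
    esac
    echo "New password"
    IFS= read -r pw1 || return 1
    echo "Retype new password"
    IFS= read -r pw2 || return 1
    if [ "$pw1" != "$pw2" ]; then
        echo "Sorry, passwords do not match"
        return 1
    fi
    # The password travels on stdin only, so it never shows up in argv or the log.
    printf '%s\n' "$pw1" | "$LOCAL_SET" "$user"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        note "user=$user local change failed rc=$rc"
        return 2
    fi
    printf '%s\n' "$pw1" | "$REMOTE_SET" "$user"
    rc=$?
    if [ "$rc" -ne 0 ]; then
        # Local is already changed at this point: the two stores are out of sync.
        note "user=$user remote change failed rc=$rc (local already changed)"
        return 3
    fi
    note "user=$user local and remote changed"
    echo "passwd: all authentication tokens updated successfully"
)

if [ "$#" -gt 0 ]; then align_password "$1"; exit $?; fi
```

Return code 3 is the case to alert on: the local password has changed but the remote one has not, so the two accounts no longer match.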

