[Samba] tmp-admin-pwreset.pl - temporary administrative password reset tool

Henry Van Styn vanstyn at intellitree.com
Wed Apr 30 21:44:00 GMT 2008

I have written a Samba administrative perl script that I wanted to 
share with the community.

We use Samba3 with a tdbsam backend (set to be synchronized with the 
UNIX password database). Our users are Windows XP clients with 
roaming profiles. During the course of supporting our users, our 
techs frequently need to login *as* specific users to work on their 
windows profile, such as Outlook profile settings, check out their 
user specific problem reports, etc. The trouble is that if we don't 
know their password (which we don't generally want to know) we have 
to change their password, and then somehow alert them to the new 
password so that they can login and reset their password when they 
get back to their PC after we've worked on it.

This has been a cumbersome problem for us for a while, and to solve 
it, I finally wrote tmp-admin-pwreset.pl. What it does is simple: 
you pass it a list of usernames and a temporary password. It will 
reset the password of all the supplied users (Samba and UNIX) to the 
temporary password, but first will backup the current password 
*hashes* for each of the users to a file, so that they can be reset 
to their original values later on. You then call the script in 
another mode ("--restore") and it sets all the password hashes for 
both UNIX and Samba to what they were originally.

This effectively allows administrators to be able login as specific 
users without knowing their password, and without having to change 
their password either. Users won't even know anything changed at all 
(and won't call the helpdesk because they can't login; didn't see 
the note, didn't listen to the voicemail, etc).

I wrote this for our own use, however, I thought it might be useful 
to others, so I am sharing it.

If anyone is interested, the script and documentation can be 
downloaded here:


Best regards,

Henry Van Styn
IntelliTree Solutions llc

More information about the samba mailing list