[Samba] tmp-admin-pwreset.pl - temporary administrative password
Henry Van Styn
vanstyn at intellitree.com
Wed Apr 30 21:44:00 GMT 2008
I have written a Samba administrative perl script that I wanted to
share with the community.
We use Samba3 with a tdbsam backend (set to be synchronized with the
UNIX password database). Our users are Windows XP clients with
roaming profiles. During the course of supporting our users, our
techs frequently need to login *as* specific users to work on their
windows profile, such as Outlook profile settings, check out their
user specific problem reports, etc. The trouble is that if we don't
know their password (which we don't generally want to know) we have
to change their password, and then somehow alert them to the new
password so that they can login and reset their password when they
get back to their PC after we've worked on it.
This has been a cumbersome problem for us for a while, and to solve
it, I finally wrote tmp-admin-pwreset.pl. What it does is simple:
you pass it a list of usernames and a temporary password. It will
reset the password of all the supplied users (Samba and UNIX) to the
temporary password, but first will backup the current password
*hashes* for each of the users to a file, so that they can be reset
to their original values later on. You then call the script in
another mode ("--restore") and it sets all the password hashes for
both UNIX and Samba to what they were originally.
This effectively allows administrators to be able login as specific
users without knowing their password, and without having to change
their password either. Users won't even know anything changed at all
(and won't call the helpdesk because they can't login; didn't see
the note, didn't listen to the voicemail, etc).
I wrote this for our own use, however, I thought it might be useful
to others, so I am sharing it.
If anyone is interested, the script and documentation can be
Henry Van Styn
IntelliTree Solutions llc
More information about the samba