[Samba] Need password for adduser script
rowlandpenny at googlemail.com
Tue Aug 26 08:13:27 MDT 2014
On 26/08/14 15:02, Johannes Amorosa | Celluloid VFX wrote:
> Hi Rowland,
> thank you for your time.
> On 08/26/2014 03:39 PM, Rowland Penny wrote:
>> On 26/08/14 11:00, Johannes Amorosa | Celluloid VFX wrote:
>>> Hello List,
>>> we like to add a newly generated user account that was created with
>>> the domain user tools, to another service on a separated machine,
>>> with the same credentials. Is there a simple way to retrieve the
>>> password like the username (%u) to hand the (cleartext-) password
>>> over to our adduser script?
>> Yes, write it on a piece of paper when you create the user in ADUC. ;-)
> We have a lot of freelancers here. When we create an account for them
> we don't want to add the same user and password by hand to every system.
OK, I was only joking ;-), the problem is that the users password is
stored in AD as a (supposedly) one-way unicode password, so getting the
cleartext password is very very difficult (as in, it would be easier to
write the password down).
I think that (providing that we are talking S4 AD and the other machine
is a linux machine) the easiest way, will be to create a script to add
the user to AD with samba-tool or ldbmodify & an ldif, once this is
done, the same script could 'ssh' into the other machine and add the
user there with the same username and password.
>>> I know this is a hack, but we want to have a soft transformation
>>> until our AD service is stable.
>> Wouldn't it be easier to make whatever service you have, work with AD ?
> Sure. Once our AD is proven solid, we switch and then we can
> authenticate all services through the new system.
> Until then we want to have two separated domains at the same time so
> we can have several weeks/month to make a soft switch until everything
> is production ready. This script would just keep the two domains
> "synced" without touching the production system.
>>> Thank you
More information about the samba