[Samba] Need password for adduser script

[Rowland Penny]

On 26/08/14 15:02, Johannes Amorosa | Celluloid VFX wrote:
> Hi Rowland,
> thank you for your time.
> On 08/26/2014 03:39 PM, Rowland Penny wrote:
>> On 26/08/14 11:00, Johannes Amorosa | Celluloid VFX wrote:
>>> Hello List,
>>> we like to add a newly generated user account that was created with 
>>> the domain user tools, to another service on a separated machine, 
>>> with the same credentials. Is there a simple way to retrieve the 
>>> password like the username (%u) to hand the (cleartext-) password 
>>> over to our adduser script?
>> Yes, write it on a piece of paper when you create the user in ADUC. ;-)
> We have a lot of freelancers here. When we create an account for them 
> we don't want to add the same user and password by hand to every system.

OK, I was only joking ;-), the problem is that the users password is 
stored in AD as a (supposedly) one-way unicode password, so getting the 
cleartext password is very very difficult (as in, it would be easier to 
write the password down).

I think that (providing that we are talking S4 AD and the other machine 
is a linux machine) the easiest way, will be to create a script to add 
the user to AD with samba-tool or ldbmodify & an ldif, once this is 
done, the same script could 'ssh' into the other machine and add the 
user there with the same username and password.

Rowland

>>
>>>
>>> I know this is a hack, but we want to have a soft transformation 
>>> until our AD service is stable.
>> Wouldn't it be easier to make whatever service you have, work with AD ?
> Sure. Once our AD is proven solid, we switch and then we can 
> authenticate all services through the new system.
> Until then we want to have two separated domains at the same time so 
> we can have several weeks/month to make a soft switch until everything 
> is production ready. This script would just keep the two domains 
> "synced" without touching the production system.
>>
>> Rowland
>>>
>>> Thank you
>>> Joe
>>
>
>