[Samba] Check password script
blog at lesfourmisduweb.org
blog at lesfourmisduweb.org
Fri Jun 17 07:13:28 UTC 2016
Hi
Google provided a method ( for windows active directory ) that retrieves
the password while editing .
Some technical details are explained :
https://support.google.com/a/answer/2920764
https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms721766%28v=vs.85%29.aspx
This is used with their software "Google Apps Password Sync"
But, i Change the original function of the parameter "Check password
script" ...
So I guess it will surely be possible to activate it later ?
Thank you
Simon
Le 17/06/2016 02:51, Garming Sam a écrit :
> Unfortunately, there are other restrictions which disallow the use of
> macros in the active directory code, so it wouldn't be as simple as that.
>
> Thanks Denis for suggesting metze's branch. That might actually be the
> most appropriate way to solve this issue. Although there have been other
> ways of syncing passwords in the past, none of them are currently
> compatible with active directory. You'd have to do perform some form of
> migration, but that shouldn't be too difficult with the existing
> plaintext passwords.
>
> Metze has unfortunately been waiting for this to be merged for a while,
> hopefully I can get this sped up.
>
>
> Cheers,
>
> Garming
>
> On 17/06/16 09:49, Fonteneau Simon wrote:
>> interesting !
>> Let me take a closer look at that.
>>
>> I must send passwords in Office 365 and Google Apps.
>> Currently, My script works but it requires that Samba is configured
>> with the "Plain text Password" option. I want to change that.
>>
>> "Check password script" could solve my problem.
>>
>> "http://ltb-project.org/wiki/documentation/self-service-password" with
>> " post hook" solves my problem currently.
>>
>> I wish I use it like this :
>> Check password script = /script/scriptpassword.sh %U
>>
>> I will also see what offers me the patch of Garming Sam.
>>
>> Simon https://blog.lesfourmisduweb.org
>>
>>
>>
>> Le 16/06/2016 19:48, Denis Cardon a écrit :
>>> Hi Simon,
>>>
>>> Le 10/06/2016 11:12, blog at lesfourmisduweb.org a écrit :
>>>> Yes it could be interesting.
>>>> I want to use it to send the password has an API for other software. I
>>>> currently use the "Store passwords using reversible encryption" to use
>>>> my API. But I do not like this operation. I then use
>>>> "http://ltb-project.org/wiki/documentation/self-service-password" with
>>>> the " post hook"
>>> If your need is to have a ssha/cryptsha256/512 hash of the user
>>> password for third party apps authentication, you may take a look at
>>> the patch of metze [1], it seems to do just that.
>>>
>>> Cheers,
>>>
>>> Denis
>>>
>>> [1]
>>> https://lists.samba.org/archive/samba-technical/2016-February/112300.html
>>>
>>>
>>>> Your patch it allows you also to retrieve the user name ?
>>>>
>>>> Thank you verry much !
>>>>
>>>>
>>>> Le 10/06/2016 10:41, garming at catalyst.net.nz a écrit :
>>>>> Currently the functionality is not implemented in active directory (I
>>>>> also
>>>>> mistakenly thought it was, until I was corrected). Fortunately, I
>>>>> recently
>>>>> implemented it as a result of someone else raising it. It is still
>>>>> lacking
>>>>> some testing and needs some more work to be integrated upstream
>>>>> however. I
>>>>> should be able to supply the patches I have so far in the next week
>>>>> or so
>>>>> if you're interested.
>>>>>
>>>>> Cheers,
>>>>>
>>>>> Garming
>>>>>
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> Yes, active directory
>>>>>>
>>>>>> Simon
>>>>>>
>>>>>> Le 10/06/2016 03:37, Garming Sam a écrit :
>>>>>>> Hi,
>>>>>>>
>>>>>>> Are you running Samba active directory?
>>>>>>>
>>>>>>>
>>>>>>> Cheers,
>>>>>>>
>>>>>>> Garming
>>>>>>>
>>>>>>> On 10/06/16 00:28, blog at lesfourmisduweb.org wrote:
>>>>>>>> Hello
>>>>>>>>
>>>>>>>> I Can not run a "check password script" in smb.conf
>>>>>>>> Somebody can you tell me if this is depecated?
>>>>>>>> I find nothing in the official documentation.
>>>>>>>>
>>>>>>>> Simon
>>>>>>>>
>>>>
>>
>
More information about the samba
mailing list