[Samba] remote password change, if password is expired

Waishon waishon009 at gmail.com
Tue Mar 27 13:49:22 UTC 2018


I don't know if the password check script is executed if you change the password using samba. You can simply test it:
Download "LdapAdmin":

Connect to your DC as a user. Then navigate to your user object and click on "Set password" in the context menu. Then you can verify if your script will be executed.

Other options like the password length or password complexity will work when you set the password directly with LDAP.
From: samba <samba-bounces at lists.samba.org> on behalf of Marco Gaiarin via samba <samba at lists.samba.org>
Sent: Tuesday, March 27, 2018 3:44:18 PM
To: samba at lists.samba.org
Subject: Re: [Samba] remote password change, if password is expired

Mandi! Waishon via samba
  In chel di` si favelave...

> if you like to write something on your own using PHP you can use this library:
> https://github.com/ldaptools/ldaptools
> Then ask the users on the webpage for their username and password and bind with it to the LDAP.
> Then you've to send an delete request of the unicodePwd field with the old password and then an add request with the new password. Both requests have to be in one query otherwise samba is denying the change.

Good hint! Thanks!

But i think that in this way password policy and 'check password
script' are not honoured, eg you modify directly the LDAP data without
password quality checks.

For this reason i prefere to use ''standard'' tools, eg PAM/winbind.

dott. Marco Gaiarin                                     GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list