[Samba] remote password change, if password is expired

Dr. Peer-Joachim Koch pkoch at bgc-jena.mpg.de
Tue Mar 27 14:15:20 UTC 2018 

Hi,

the normal ldap based tools will fail. If the password is expired an 
login will not be possible.
In principal it is useful, but for remote users using all kind of OS it 
is tricky.
Otherwise they could simply use vpn and connect to a terminal server ....

Bye, Peer

On 27.03.2018 15:49, Waishon via samba wrote:
> Hi,
>
> I don't know if the password check script is executed if you change the password using samba. You can simply test it:
> Download "LdapAdmin":
> http://www.ldapadmin.org
>
> Connect to your DC as a user. Then navigate to your user object and click on "Set password" in the context menu. Then you can verify if your script will be executed.
>
> Other options like the password length or password complexity will work when you set the password directly with LDAP.
> ________________________________
> From: samba <samba-bounces at lists.samba.org> on behalf of Marco Gaiarin via samba <samba at lists.samba.org>
> Sent: Tuesday, March 27, 2018 3:44:18 PM
> To: samba at lists.samba.org
> Subject: Re: [Samba] remote password change, if password is expired
>
> Mandi! Waishon via samba
>    In chel di` si favelave...
>
>> if you like to write something on your own using PHP you can use this library:
>> https://github.com/ldaptools/ldaptools
>> Then ask the users on the webpage for their username and password and bind with it to the LDAP.
>> Then you've to send an delete request of the unicodePwd field with the old password and then an add request with the new password. Both requests have to be in one query otherwise samba is denying the change.
> Good hint! Thanks!
>
>
> But i think that in this way password policy and 'check password
> script' are not honoured, eg you modify directly the LDAP data without
> password quality checks.
>
>
> For this reason i prefere to use ''standard'' tools, eg PAM/winbind.
>
> --
> dott. Marco Gaiarin                                     GNUPG Key ID: 240A3D66
>    Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
>    Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
>    marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797
>
>                  Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
>        http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
>          (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


-- 
Mit freundlichen Grüßen,
     Peer-Joachim Koch
________________________________________________________

Max-Planck-Institut für Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705

More information about the samba mailing list