[Samba] Difficulties retrieving randomly assigned password for newly created Samba user acounts

L.P.H. van Belle belle at bazuin.nl
Mon Apr 29 09:34:12 UTC 2019

What the password is, is in the output on you screen, if not, then script it. 

kinit Administrator

# function random password.
RANDOMPASSWD(){ < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo; }

# Pull a random into USERPASS

# And create your user. 
sudo samba-tool user create "$USERNAME" --given-name="$GIVENNAME" --surname="$SURNAME" \
 --mail-address="$EMAIL" --company="$COMPANY" --password="$USERPASS" --must-change-at-next-login \
 --nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" \
 --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" \
 --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" \
  --gid-number=10000 -k 

Echo "$USERNAME:${USERPASS}" >> new-users.txt

Something like that. 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Stephen via samba
> Verzonden: maandag 29 april 2019 11:11
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Difficulties retrieving randomly assigned 
> password for newly created Samba user acounts
> Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to 
> the help offered by everyone here I now finally have a mostly-working 
> Active Directory network.
> I am now at the stage of creating inidividual user accounts for my 
> domain and unfortunately I have a very basic but fundamental 
> problem! I 
> currently enter the following input at the command-line to 
> create a new 
> user on my DC:
> pi at ad1:~ $ sudo samba-tool user create "$USERNAME" 
> --given-name="$GIVENNAME" --surname="$SURNAME" 
> --mail-address="$EMAIL" 
> --company="$COMPANY" --random-password --must-change-at-next-login 
> --nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" 
> --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" 
> --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" 
> --gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD"
> User 'stephenellwood' created successfully
> After entering this, you see I get a confirmation prompt 
> indicating my 
> user was created. When I hop onto my domain fileserver, I can see the 
> new user, and this gives me additional confidence this has 
> actually been 
> created:
> pi at fs1:~ $ wbinfo -u
> stephenellwood
> administrator
> krbtgt
> guest
> In the switches passed to samba-tool previously you will see 
> that I have 
> requested a both a *random password* and that *this must be 
> changed at 
> the next login*. Crucially though, how do I find out what 
> stephenellwood's randomly assigned password actually is so I 
> can login 
> to this account for the first time?  Without this I am stuck 
> - I have a 
> new user account with an unknown randomised password and thus 
> cannot login.
> Ultimately since I couldn't retrieve the random password for 
> stephenellwood I then attempted to reset stephenellwood's password 
> manually myself to a known string value using samba-tool. 
> Unfortunately 
> this also didn't seem to work:
> sudo samba-tool user password --newpassword="$NEWPASSWORD" -U 
> "Administrator"
> Password for [OSSL\Administrator]:
> ERROR: Failed to change password : (-1073741716, 
> "samr_ChangePasswordUser3 for 'OSSL\\Administrator' failed: 
> I would really appreciate any help and advice anybody can offer 
> regarding this matter as I am now stuck at this point :)
> Thanks
> Stephen Ellwood
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list