[Samba] Set a temporary password on user accounts (samba4)

Daniel Berteaud daniel at firewall-services.com
Thu Sep 5 07:37:58 UTC 2019

Hi there.

I'm looking for a way to temporarily change password for some users.

I have a samba4 install in DC mode (running samba 4.8.3), everything is
working fine. I'm now migrating an email system which will use samba4
auth (Zimbra, but doesn't matter here).

I'd like to set a temp password, so I can migrate imap trees with
imapsync or similar, then, when everything is done, restore the previous
password of the users (without forcing them to reset it)

I've red this thread :
https://lists.samba.org/archive/samba/2017-April/207637.html. So, it
should be possible to backup the unicodePwd attr, then restore it and
wipe supplementalCredentials. But, I'd prefer being able to generate AES
kerb tickets (as users do not change their password often)

Can I backup the whole user entry, and restore it later ? Or just a set
of attributes ? Only supplementalCredentials and unicodePwd are enough ?

In the SMB 3 days, I could just backup hashes from /etc/shadow and
/etc/smb/smbpasswd (or OpenLDAP depending on the backend) and then
restore them, it was easy.



More information about the samba mailing list