[Samba] How to test that the administrator password is correct in a script?
Patrick Goetz
pgoetz at math.utexas.edu
Sat Mar 12 22:20:57 UTC 2022
Thanks, Roland. That was super helpful.
On 3/12/22 15:12, Rowland Penny via samba wrote:
> On Sat, 2022-03-12 at 14:53 -0600, Patrick Goetz via samba wrote:
>> I have a script which creates user accounts, makes home directories,
>> adds the users to groups, etc., but I'd like to make it more elegant.
>>
>> Right now if the administrator password is incorrectly entered you
>> get a
>> bunch of python errors as output. Also, since the script runs as
>> root,
>> some steps (e.g. home directory creation) are carried out even if
>> the
>> user creation fails because the administrator password was entered
>> incorrectly.
>
> Use 'kinit' to test the Administrator password:
>
> echo "$THE_PASSWORD" | kinit Administrator ; status="$?" ; echo
> "$status"
>
> Having done that, you can then use kerberos with script.
>
>>
>> I'd like to check the correctness of the password before actually
>> doing
>> anything -- has anyone figured out a good way to do this? My thought
>> was
>> to run some command as administrator and exit if the output
>> indicates
>> that the correct data wasn't retrieved.
>>
>> This problem is compounded by the fact that it appears samba-tool
>> only
>> works on a DC -- is this correct? Whenever I try to run something
>> like
>
> No, you can run must of the commands on a Unix domain member by using
> '-H' e.g. -H ldap://dc1
>
>>
>> samba-tool user list -U administrator
>>
>> on a client machine I just get a bunch of python errors. Seems like
>> it
>> should be possible to make this tool work from anywhere in the
>> domain.
>
> You can create the users Unix homedir on the fly with a 'root preexec'
> script.
>
> Rowland
>
>
>
More information about the samba
mailing list