Setting password on NT PDC using Samba w/admin rights
Luke Kenneth Casson Leighton
lkcl at samba.org
Tue Dec 14 18:27:10 GMT 1999
rpcclient has two methods to do this. hmmm... one of them has a bug!!!!
:-) i put in some new error checking and it's working very well :-) :-)
On Tue, 14 Dec 1999, Ryan Russell wrote:
> Howdy. I hope I'm not asking a stupid question that everyone but me
> know the answer to. I've done a bit of web searching, archive searching,
> and poking around the source, so I hope I've done my due diligence.
>
> Here's what I'm basically trying to accomplish:
>
> I want to reset the passwords of NT users in one of our domains from
> a *nix box. Obviously, I've looked at smbpasswd. That works well
> if the old password is known. I'm looking at the situation where an
> admin doesn't know the old password, but they themselves have the
> right to change passwords for everyone. Just to be explicit, the PDC
> is a Windows NT machine, and there is no local smbpasswd file
> on the unix machine that I'm concerned about.
>
> Poking around in the source, I see remote_password_change
> ultimately calls:
>
> if(!cli_oem_change_password(&cli, user_name, new_passwd, old_passwd)) {
> slprintf(err_str, err_str_len-1, "machine %s rejected the
> password change: Error was : %s.\n", remote_machine, cli_errstr(&cli) );
> cli_shutdown(&cli);
> return False;
>
> after some cli setup. The cli setup prototype looks promising:
>
> BOOL cli_session_setup(struct cli_state *cli,
> char *user,
> char *pass, int passlen,
> char *ntpass, int ntpasslen,
> char *workgroup);
>
> However, digging deeper shows that the cli_oem_change_password function
> maps to the SamOEMChangePassword call, which is documented in
> Paul Leach's CIFS draft. That call explictly calls for both an old and new
> password,
> so I assume that I can't use that call, no matter how priveleged an account I
> give in
> the cli_session_setup call.
>
> I also notice rpcclient, which looks promising. However, the parts I need
> don't seem to be implemented on *nix yet. A nice bonus for my project would be
> to be able to pull a user list from a *nix Samba client. By way of vote, I'd
> like
> to see rpcclient renamed net, eventvwr, etc.. As someone familiar with both NT
> and unix in general, I completely missed the purpose of rpcclient for a few
> days,
> I think mostly because of the name. Symlinks and checking argv[0] would be just
> fine..
> just something that would make my brain click when I saw the names in the
> directory.
>
> So, does there exist way to do what I want? Is the appropriate call buried
> elsewhere
> in Samba? Does rpcclient need to get farther along first? If what I want
> doesn't
> exist quite yet, is there any chance that a newbie to the Samba project would be
> able to contribute in these areas? (Not asking whether code contributions would
> be
> accepted... asking if there's any chance I'd be able to figure out what needs to
> be written.)
>
> Thanks for any help you can provide.
>
> Ryan
>
>
>
>
>
More information about the samba-technical
mailing list