Setting Samba passwords from windows clients
Spammy
let users change passwords without having to give them telnet access to the
server. I know SWAT can do it, but I also don't want any of my users to be
able to view the smb settings etc that swat displays when a standard user
authenticates to it.
My network is using workgroups rather than domains as I don't have any PDCs
(Also don't want to setup the samba box as a PDC either if that can be
done).
Is there another web-based option to changing samba passwords or even a
win32 program to be able to do it?
Mikkel Kruse Johnsen
It all depent on with password changer program you use. I'm using RedHat and
this string works:
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
passwd:*all*authentication*tokens*updated*successfully*
It is simply what the password program writes on the screen, "*" meens space
and "%n" is what you type.
If you type in a password that Linux normaly will complain about, then it will
not work. So from Windows you have to supply a password Linux like.
Bye
Linet
Mikkel Johnsen
http://www.linet.dk
Andreas Profitlich
Mikkel has the same problem as me, and this is not the solution.
There are a lot of Windows Users on one of my SAMBA-SERVERS out here. No
one is able to use telnet or ssh. So if they like to change their
passwords with the build in mechanism, they only change the password for
their local machine. The SAMBA-Password leaves unchanged. So if they
start again their computers and lohin with the new password, they are
not able to mount the samba ressources again (automatically, with a
script ( net use ...). There they have to type in their old Password.
So what we need is a very simple program which:
1. changes the login Password on the local machine
2. and changes the passsword on SAMBA to the same new password
Is there a solution out anywhere?
If not, the solution maybe:
1. WWW-Server, insert in a few fields the username, old pwd, new pwd and
start with a perl-skript: smbpasswd with the fields as parameters (I've
never played with perl before, does anybody know, how to do this in a
fast and secure way?)
2. A small batch - File which deletes the *.pwl File in the c:\windows.
(So all users needs to enter their passwords again twice, if the machine
reboots)
both should start together!
Has anybody build sth. like that before?
cu
Profi
Joachim Zobel
>Is there another web-based option to changing samba passwords or even a
>win32 program to be able to do it?
Have a look at "unix passwd sync" and "passwd chat" in man smb.conf.
Hth,
Joachim
--
"I read the news today oh boy" - The Beatles - A Day In The Life
Althoug this message has a valid From header, replies
to us...@netcologne.de where user = nc-zobeljo
are preferred.
Spammy
from win32 machines, not how to sync passwords.
I have the unix sync passwords working fine. If I let users telnet into the
box, they can change their samba passwords and it changes the unix one to
match it.
I just want my people to be able to change passwords from win23 machines as
I don't want to give them telnet access to the samba box. I know SWAT can
do it, but I also don't want any of my users to be able to view the smb
settings etc that swat displays when a standard user
authenticates to it.
My network is using workgroups rather than domains as I don't have any PDCs
(Also don't want to setup the samba box as a PDC either if that can be
done).
Is there another web-based option to changing samba passwords or even a
win32 program to be able to do it?
"Joachim Zobel" <jzo...@my-dejanews.com> wrote in message
news:38dd97f2...@dilbert.crrrwg.de...
ra...@adsl-151-203-22-73.bellatlantic.net
>Hi,
>
>Mikkel has the same problem as me, and this is not the solution.
>There are a lot of Windows Users on one of my SAMBA-SERVERS out here. No
>one is able to use telnet or ssh. So if they like to change their
>passwords with the build in mechanism, they only change the password for
>their local machine. The SAMBA-Password leaves unchanged. So if they
Try HTTP and SSL. It's possible to use Apache with the mod_ssl modules
loaded to set up a reasonably secure CGI script to use the "smbpasswd"
command and change their passwords for Samba access, and possible to run
"passwd" and change their UNIX passwords as well.
It's not trivial change both UNIX and Windows passwords directly from the PC's
with encryption turned on for the SMB clients, since UNIX and Windows use
different encryption techniques and don't ideally send passwords in clear
text.
Why can't your people use SSH?
>If not, the solution maybe:
>
>1. WWW-Server, insert in a few fields the username, old pwd, new pwd and
>start with a perl-skript: smbpasswd with the fields as parameters (I've
>never played with perl before, does anybody know, how to do this in a
>fast and secure way?)
Take a look at the HTTP-User-Manager CGI scripts, at various net locations.
--
Nico Kadel-Garcia
nka...@bellatlantic.net
Thomas Bader
Perhaps why the users aren't familar with *nix and the sysadmin is afraid of
loosing their private files if the users make a mistake?
Cheers,
--Thomas
--
.-. Thomas Bader · tho...@trash.net.remove · http://www.t-bader.ch/ .-.
oo| {Perl|Java|Python|Security|Gimp}: http://lists.t-bader.ch/ oo|
/`'\ Einen Unix-Shellaccount gibt es unter http://www.trash.net/ /`'\
(\_;/) PGP Key-ID: 0x3A4B7F5D (RSA) 0x7584F5D8 (DSA/EG) (\_;/)
Joachim Zobel
>That is not the question I asked. I asked how to change passwords for samba
>from win32 machines, not how to sync passwords.
>
>I have the unix sync passwords working fine. If I let users telnet into the
>box, they can change their samba passwords and it changes the unix one to
>match it.
If you run samba as PDC, you can change the "Windows Network Password"
from "Control Panel"/"Passwords" (retranslated from
"Systemsteuerung/Kennwoerter", "Microsoft-Netzwerk". I don't know if
this works for workgroups.
ra...@adsl-151-203-22-73.bellatlantic.net
>* ra...@adsl-151-203-22-73.bellatlantic.net:
>> Why can't your people use SSH?
>
>Perhaps why the users aren't familar with *nix and the sysadmin is afraid of
>loosing their private files if the users make a mistake?
Moo-ha-ha! This is *EASY*. Set up SSH for them, and give them a very
restricted shell (with smrsh or a script) that can only be used for ftp and
setting their passwords.
--
Nico Kadel-Garcia
nka...@bellatlantic.net
Thomas Bader
> Moo-ha-ha! This is *EASY*. Set up SSH for them, and give them a very
> restricted shell (with smrsh or a script) that can only be used for ftp and
> setting their passwords.
I agree with you. One could give the users "/bin/passwd" as login shell,
so they can't do mistakes. Or one could give /bin/rbash as login shell
to the users.
Andreas Profitlich
in german my users are all called DAU'S (duemmster anzunehmender User) =
people who didn't know anything about computers except Winword and
Netscape (Yeah, i teached them to use E-Mail, but that wasn't easy).
They have all installed a freeware ssh-shell on their computers, but if
they see the command line, they get crazy. So I need to make it as easy
as possible for them.
cu
Andreas Profitlich
Andreas Profitlich
Hi,
i tried this before. This should be the solution, if you have a PDC, but
it didn't work. And I don't know why.
(SUSE 6.3 , SAMBA 2.06)
cu
Andreas Profitlich
Spammy
as a PDC. So this option isn't available to me.
"Andreas Profitlich" <heilige...@gmx.de> wrote in message
news:38E0E8C0...@gmx.de...
Thomas Bader
> in german my users are all called DAU'S (duemmster anzunehmender User) =
Yepp ;-)
> They have all installed a freeware ssh-shell on their computers, but if
> they see the command line, they get crazy. So I need to make it as easy
> as possible for them.
Why you don't use a web frontend to change the passwords?
Andreas Profitlich
>
> * Andreas Profitlich <heilige...@gmx.de>:
> > in german my users are all called DAU'S (duemmster anzunehmender User) =
>
> Yepp ;-)
>
> > They have all installed a freeware ssh-shell on their computers, but if
> > they see the command line, they get crazy. So I need to make it as easy
> > as possible for them.
>
> Why you don't use a web frontend to change the passwords?
Give me one, and I am happy!
But this is not the whole simple solution, because you have to change
the passwords on the windows machine as well (they are placed in the
*.pwl Files)
cu
Francois-Xavier Le Bail
if you use the key :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network]
"DisablePwdCaching"=dword:00000001
you have no more *.pwl files.
Francois-Xavier
David Collier-Brown
>
> Like I keep saying, I don't have a PDC nor do I want to set my samba box up
> as a PDC. So this option isn't available to me.
Samba can update passwords, always could. The limitation
isn't PDC's, it's encryption.
So long as you're using plain-text passwords, changing the
password on the Windows client will ship the password to the
server. Samba then updates /etc/passwd and/or shadow.
If you use encrypted passwords, the client passes a strange
thingie that's the equivalent of a plain-text password,
which samba can update the smbpasswd file with, but not
/etc/passwd.
Have a peek at
http://www.oreilly.com/catalog/samba/chapter/book/ch06_04.html
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632
Spammy
Spammy
Like I have said in all my other postings, if I give users telnet access to
the box, they can already change their samba passwords and it syncs the unix
password at the same . That was easy to setup and get going.
The issue is that I don't want to give users access to the box at all. The
solution I am looking for is basically a web frontend that will change the
samba password, sort of like swat but without being able to view the current
status/configuration of samba.
Andreas Profitlich
tnx.
And now I only need a possibility to change the Samba-Password
WWW-based. Well, I've never played before with CGI or Perl - Skripts,
but now I need them, or is there another solution out there?
Andreas Profitlich
Andreas Profitlich
if I hopefully understand you, it's possible to change your Samba -
Passwords from your Windows Machine if you are using plain passwords,
without login in the Samba Machine. Only while using the PASSWORDS -
Program in the ... ( in the German Windows Version it's called
Systemsteuerung, anyone here who knows the english term? ).
Note to SPAMMY:
I know, that's not a solution for you, but maybe for me.
cu
Andreas Profitlich
Andrew Williams
In this case, the smbpasswd file is irrelevant, it is not used and need not exist.
If you are using encrypted passwords, you can change *them* in the same way.
I use encrypted passwords for Samba and have the /etc/shadow passwords set so that
most of the Samba users have no shell access at all - a security measure. In the
same vein, I also see no reason at all to synchronise the passwords.
Andreas Profitlich wrote:
--
Mielipiteet omiani - Opinions personal, facts suspect, especially on my
http://home.germany.net/101-69082/samba.html
Simple Samba Solutions web page. ICQ 1722461
David Collier-Brown
>
> This is getting repetitive.
>
> Like I have said in all my other postings, if I give users telnet access to
> the box, they can already change their samba passwords and it syncs the unix
> password at the same . That was easy to setup and get going.
>
> The issue is that I don't want to give users access to the box at all. The
> solution I am looking for is basically a web frontend that will change the
> samba password, sort of like swat but without being able to view the current
> status/configuration of samba.
Why do even that much? The "change password" icon
in Win9x works fine for me?
Or are you just an agent provocateur, oh unreplyable
one?
Andreas Profitlich
1. the Unix Password are completly irrelevant and in fact, I've disabled
all unix - shell accounts for normal users.
2. I've tried to change the Samba-passwords (not the local passwords!).
If no PDC is running, there is no possibility to do this. If Samba is
configured as a PDC, there is a possibility in win 98 to change the
passwords on an NT-Server, which runs as PDC. So there should be the
possibility to change Passwords from one of the Win98 - machines on the
SAMBA - machine as well. But this doesn't work.
(Samba 2.06, Win98-2 (german version))
cu
Andreas
> > > --dave
> > > --
> > > David Collier-Brown in Boston
> > > Phone: (781) 442-0734, Room BUR03-3632
>
Joachim Zobel
>Spammy wrote:
>>
>> Like I keep saying, I don't have a PDC nor do I want to set my samba box up
>> as a PDC. So this option isn't available to me.
>
> Samba can update passwords, always could. The limitation
> isn't PDC's, it's encryption.
Ok, if you have encrypted passwords you can get samba to do the unix
pw sync and update both. But how can you get the winclients to offer
you a "change password" dialog if they do not detect a PDC? And for
which server (if not _the_ PDC) should they offer this?
Spammy
frustrated :(
Anyway, in answer to your question, I am running NT at work which throws
another spanner in the works and also I am using netatalk for our Apple Macs
which uses the unix password file for it's users.
So what I really need is some platform independent option (eg a webpage) to
change passwords. If users change passwords from the appletalk side, that
only changes the unix passwords and it doesn't sync to the samba passwords.
I need the samba passwords to be changed so that the password syncing works
correctly.
"David Collier-Brown" <dav...@canada.sun.com> wrote in message
news:38E35613...@canada.sun.com...
> Spammy wrote:
> >
> > This is getting repetitive.
> >
> > Like I have said in all my other postings, if I give users telnet access
to
> > the box, they can already change their samba passwords and it syncs the
unix
> > password at the same . That was easy to setup and get going.
> >
> > The issue is that I don't want to give users access to the box at all.
The
> > solution I am looking for is basically a web frontend that will change
the
> > samba password, sort of like swat but without being able to view the
current
> > status/configuration of samba.
>
> Why do even that much? The "change password" icon
> in Win9x works fine for me?
>
> Or are you just an agent provocateur, oh unreplyable
> one?
>
Charlie Brady
On Thu, 30 Mar 2000, Spammy wrote:
> This is getting repetitive.
>
> Like I have said in all my other postings, if I give users telnet access to
> the box, they can already change their samba passwords and it syncs the unix
> password at the same . That was easy to setup and get going.
>
> The issue is that I don't want to give users access to the box at all. The
> solution I am looking for is basically a web frontend that will change the
> samba password, sort of like swat but without being able to view the current
> status/configuration of samba.
Have a look at the e-smith server/gateway distribution of linux -
http://www.e-smith.net/. It may be what you want, or you may be able to
pull it apart and grab what you want.
Charlie Brady
Aurema Pty Ltd
PO Box 305, Strawberry Hills, NSW 2012, Australia
Email:char...@aurema.com, Tel: +61 2 9698 2322, Fax: +61 2 9699 9174
"I think it would be a good idea." Gandhi, on Western Civilisation.
Andreas Profitlich
John Lucas
"Andreas Profitlich" <AProf...@gmx.de> wrote in message
news:38E4875A...@gmx.de...
: The only solution seems to be a Web - Interface with a cgi - Skript.
:
David Collier-Brown
> Ok, if you have encrypted passwords you can get samba to do the unix
> pw sync and update both. But how can you get the winclients to offer
> you a "change password" dialog if they do not detect a PDC? And for
> which server (if not _the_ PDC) should they offer this?
The server you logged in to, of course. Samba's done
this from **way** back before 1.9.18. All this PDC
stuiff is a red herring. Which, admittedly, sure
does sell NT server.
Andreas Profitlich
tnx
John Lucas wrote:
>
> SWAT has web based password management built in.
>
> "Andreas Profitlich" <AProf...@gmx.de> wrote in message
> news:38E4875A...@gmx.de...
> : The only solution seems to be a Web - Interface with a cgi - Skript.
> :
> : Joachim Zobel wrote:
> : >
> : > David Collier-Brown <dav...@canada.sun.com> wrote:
> : >
> : > >Spammy wrote:
> : > >>
> : > >> Like I keep saying, I don't have a PDC nor do I want to set my samba
> box up
> : > >> as a PDC. So this option isn't available to me.
> : > >
> : > > Samba can update passwords, always could. The limitation
> : > > isn't PDC's, it's encryption.
> : >
> : > Ok, if you have encrypted passwords you can get samba to do the unix
> : > pw sync and update both. But how can you get the winclients to offer
> : > you a "change password" dialog if they do not detect a PDC? And for
> : > which server (if not _the_ PDC) should they offer this?
John Lucas
"Andreas Profitlich" <AProf...@gmx.de> wrote in message
news:38E4B8D6...@gmx.de...
: read the whole thread, before you post anything.
: > :
:
John Lucas
John Lucas
John Lucas
Andreas Profitlich
calm down!
we only need a simple user interface to change the SAMBA Passwords, not
the whole configuration file of Samba. If you´ve read the whole thread,
you were able to see this.
Bye bye, and welcome on my ignore List.
cu
John Lucas
port 98 to only bring up the password change feature or use it as a starting
point to develop your own html code? A URL like:
http://192.168.100.1:98/html:/ok,==Users==accounts/ok,==User==accounts/ok,us
ername/
would give them access to change only there account...
"Andreas Profitlich" <AProf...@gmx.de> wrote in message
news:38E4BEEF...@gmx.de...
: hey hey,
: > :
:
David Collier-Brown
[Curses elided]
Hey folks, this is a technical newsgroup, we don't need
to get into flamage...
Andreas Profitlich
OK I am using SUSE 6.3. linuxconf and the SUSE-Configuration Tool YAST
did not run with linuxconf.
In fact I惴 now learning a little bit Perl and plan to run a CGI-Skript
from my WWW-Server to change the passwords. I post the Skript, if it愀
working (for you David).
cu
Andreas Profitlich
John Lucas wrote:
>
> Why don't you edit the html files for the web based linuxconf that runs on
> port 98 to only bring up the password change feature or use it as a starting
> point to develop your own html code? A URL like:
>
> http://192.168.100.1:98/html:/ok,==Users==accounts/ok,==User==accounts/ok,us
> ername/
>
> would give them access to change only there account...
>
> "Andreas Profitlich" <AProf...@gmx.de> wrote in message
> news:38E4BEEF...@gmx.de...
> : hey hey,
> : calm down!
> :
> : we only need a simple user interface to change the SAMBA Passwords, not
> : the whole configuration file of Samba. If you扉e read the whole thread,
Spammy
"Andreas Profitlich" <AProf...@gmx.de> wrote in message
news:38E6813E...@gmx.de...
ra...@adsl-151-203-22-73.bellatlantic.net
>What are you a fucking know it all, or what?
>
>news:38E4B8D6...@gmx.de...
>: read the whole thread, before you post anything.
This looks like a cascade attack on these newsgroups: ranting wienies pop up
and send repeated replies to each other with a single line of new text each to
avoid hitting the spam filters. The fastest way to end them is for someone to
expose their real name and history in public. The second way, that takes
longer, is to take a baseball bat to the organ they use to type with....
Toss them in your killfiles now and save yourselves the grief.
--
Nico Kadel-Garcia
nka...@bellatlantic.net
Frankie Li
to do this... I am in fact working on such a project, although it
does not use any encryption modules at the time. (Oh come on, I'm
just a high school student... I have yet to learn those yet... :)
I have yet to finish it, but I am more than happy to share it if
anyone find it of any use. It is, of course, not exactly the best
program under the sun, but at least it works. :) It is neither
efficient nor secure (not until I add some encryption to it)...
Frankie
Spammy wrote:
>
> I have a samba server running on my network and am trying to workout how to
> let users change passwords without having to give them telnet access to the
> server. I know SWAT can do it, but I also don't want any of my users to be
> able to view the smb settings etc that swat displays when a standard user
> authenticates to it.
>
> My network is using workgroups rather than domains as I don't have any PDCs
> (Also don't want to setup the samba box as a PDC either if that can be
> done).
>
> Is there another web-based option to changing samba passwords or even a
> win32 program to be able to do it?
Joachim Zobel
>Joachim Zobel wrote:
>
>> Ok, if you have encrypted passwords you can get samba to do the unix
>> pw sync and update both. But how can you get the winclients to offer
>> you a "change password" dialog if they do not detect a PDC? And for
>> which server (if not _the_ PDC) should they offer this?
>
> The server you logged in to, of course. Samba's done
> this from **way** back before 1.9.18. All this PDC
> stuiff is a red herring. Which, admittedly, sure
> does sell NT server.
So I can have a logon server for all Windowses incl. NT that is not a
PDC? How do I do this?
Thanx,