Web lists-archives.com

Re: [Samba] syncpasswords/getpassword: some examples, please...




On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
samba@xxxxxxxxxxxxxxx> wrote:

>
> [Clearly, this question is intimately connected to the previous...]
>
> I need a way to ''preprocess'' or at least intercept password changes,
> because i need to propagate them to other ''legacy'' systems.
>
> I've looked around and found syncpasswords / getpassword samba-tool
> commands, but really i've not understood how they work.
> Seems to me that can be useful in my scope, but really i've not
> understood how.
>
> Googling around lead me to some mailing list posts, but was not
> sufficient (at least to me) to understand.
> Wiki seems have nothing on this topic.
>
>
> Someone can explain to me? Thanks.
>

Here are some instructions I have from our implementation on CentOS 7 and
Samba 4.5.

- configure gpg encrypted password for syncing to external system
  # gpg2 --gen-key
  # gpg2 --list-keys --keyid-format LONG

- add the pub key to "password hash gpg key ids" in smb.conf

- configure password script
  # samba-tool user syncpasswords --script=/some_folder/some_script.py
--cache-ldb-initialize --decrypt-samba-gpg
--attributes=virtualClearTextUTF8,sAMAccountName
  # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log
--daemon

some_script.py receives the username (sAMAccountName) and password
(virtualClearTextUTF8) in base64. The script ends with print 'DONE-EXIT: '.


Dale
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba