Web lists-archives.com

Re: [Samba] syncpasswords/getpassword: some examples, please...




On Wed, 27 Sep 2017 17:18:45 -0300
Dale Renton via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
> samba@xxxxxxxxxxxxxxx> wrote:
> 
> >
> > [Clearly, this question is intimately connected to the previous...]
> >
> > I need a way to ''preprocess'' or at least intercept password
> > changes, because i need to propagate them to other ''legacy''
> > systems.
> >
> > I've looked around and found syncpasswords / getpassword samba-tool
> > commands, but really i've not understood how they work.
> > Seems to me that can be useful in my scope, but really i've not
> > understood how.
> >
> > Googling around lead me to some mailing list posts, but was not
> > sufficient (at least to me) to understand.
> > Wiki seems have nothing on this topic.
> >
> >
> > Someone can explain to me? Thanks.
> >
> 
> Here are some instructions I have from our implementation on CentOS 7
> and Samba 4.5.
> 
> - configure gpg encrypted password for syncing to external system
>   # gpg2 --gen-key
>   # gpg2 --list-keys --keyid-format LONG
> 
> - add the pub key to "password hash gpg key ids" in smb.conf
> 
> - configure password script
>   # samba-tool user syncpasswords --script=/some_folder/some_script.py
> --cache-ldb-initialize --decrypt-samba-gpg
> --attributes=virtualClearTextUTF8,sAMAccountName
>   # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log
> --daemon
> 
> some_script.py receives the username (sAMAccountName) and password
> (virtualClearTextUTF8) in base64. The script ends with print
> 'DONE-EXIT: '.
> 
> 
> Dale

You could just have posted a link to the webpage:

https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba