Discussion:
[Samba] Check password script
b***@lesfourmisduweb.org
2016-06-09 12:28:46 UTC
Permalink
Hello

I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.

Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Garming Sam
2016-06-10 01:37:00 UTC
Permalink
Hi,

Are you running Samba active directory?


Cheers,

Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
b***@lesfourmisduweb.org
2016-06-10 06:16:26 UTC
Permalink
Hi

Yes, active directory

Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
g***@catalyst.net.nz
2016-06-10 08:41:06 UTC
Permalink
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.

Cheers,

Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
b***@lesfourmisduweb.org
2016-06-10 09:12:10 UTC
Permalink
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"

Your patch it allows you also to retrieve the user name ?

Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
g***@catalyst.net.nz
2016-06-10 11:12:06 UTC
Permalink
That sounds somewhat out of scope of the original parameter. I would be
happy to explain how the patches could be modified to send the username
(possibly as the first argument to the script). It shouldn't be a
particularly difficult change, but I'd have to look a bit closer first.

Cheers,

Garming
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
b***@lesfourmisduweb.org
2016-06-10 11:22:43 UTC
Permalink
Post by g***@catalyst.net.nz
That sounds somewhat out of scope of the original parameter.
A further parameter can he do this function ?
Post by g***@catalyst.net.nz
I would be
happy to explain how the patches could be modified to send the username
(possibly as the first argument to the script). It shouldn't be a
particularly difficult change, but I'd have to look a bit closer first.
I am interested ! Thank you for your help !
Do not hesitate to contact me !

Simon
Post by g***@catalyst.net.nz
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Fonteneau Simon
2016-06-13 20:03:33 UTC
Permalink
I just thought , %U can already pass the username argument to the script ?

Simon https://blog.lesfourmisduweb.org
Post by b***@lesfourmisduweb.org
Post by g***@catalyst.net.nz
That sounds somewhat out of scope of the original parameter.
A further parameter can he do this function ?
Post by g***@catalyst.net.nz
I would be
happy to explain how the patches could be modified to send the username
(possibly as the first argument to the script). It shouldn't be a
particularly difficult change, but I'd have to look a bit closer first.
I am interested ! Thank you for your help !
Do not hesitate to contact me !
Simon
Post by g***@catalyst.net.nz
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream
however.
I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Denis Cardon
2016-06-16 17:48:32 UTC
Permalink
Hi Simon,
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
If your need is to have a ssha/cryptsha256/512 hash of the user password
for third party apps authentication, you may take a look at the patch of
metze [1], it seems to do just that.

Cheers,

Denis

[1]
https://lists.samba.org/archive/samba-technical/2016-February/112300.html
Post by b***@lesfourmisduweb.org
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Fonteneau Simon
2016-06-16 21:49:51 UTC
Permalink
interesting !
Let me take a closer look at that.

I must send passwords in Office 365 and Google Apps.
Currently, My script works but it requires that Samba is configured with
the "Plain text Password" option. I want to change that.

"Check password script" could solve my problem.

"http://ltb-project.org/wiki/documentation/self-service-password" with "
post hook" solves my problem currently.

I wish I use it like this :
Check password script = /script/scriptpassword.sh %U

I will also see what offers me the patch of Garming Sam.

Simon https://blog.lesfourmisduweb.org
Post by Denis Cardon
Hi Simon,
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
If your need is to have a ssha/cryptsha256/512 hash of the user
password for third party apps authentication, you may take a look at
the patch of metze [1], it seems to do just that.
Cheers,
Denis
[1]
https://lists.samba.org/archive/samba-technical/2016-February/112300.html
Post by b***@lesfourmisduweb.org
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Garming Sam
2016-06-17 00:51:00 UTC
Permalink
Unfortunately, there are other restrictions which disallow the use of
macros in the active directory code, so it wouldn't be as simple as that.

Thanks Denis for suggesting metze's branch. That might actually be the
most appropriate way to solve this issue. Although there have been other
ways of syncing passwords in the past, none of them are currently
compatible with active directory. You'd have to do perform some form of
migration, but that shouldn't be too difficult with the existing
plaintext passwords.

Metze has unfortunately been waiting for this to be merged for a while,
hopefully I can get this sped up.


Cheers,

Garming
Post by Fonteneau Simon
interesting !
Let me take a closer look at that.
I must send passwords in Office 365 and Google Apps.
Currently, My script works but it requires that Samba is configured
with the "Plain text Password" option. I want to change that.
"Check password script" could solve my problem.
"http://ltb-project.org/wiki/documentation/self-service-password" with
" post hook" solves my problem currently.
Check password script = /script/scriptpassword.sh %U
I will also see what offers me the patch of Garming Sam.
Simon https://blog.lesfourmisduweb.org
Post by Denis Cardon
Hi Simon,
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
If your need is to have a ssha/cryptsha256/512 hash of the user
password for third party apps authentication, you may take a look at
the patch of metze [1], it seems to do just that.
Cheers,
Denis
[1]
https://lists.samba.org/archive/samba-technical/2016-February/112300.html
Post by b***@lesfourmisduweb.org
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
b***@lesfourmisduweb.org
2016-06-17 07:13:28 UTC
Permalink
Hi

Google provided a method ( for windows active directory ) that retrieves
the password while editing .
Some technical details are explained :
https://support.google.com/a/answer/2920764

https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms721766%28v=vs.85%29.aspx

This is used with their software "Google Apps Password Sync"

But, i Change the original function of the parameter "Check password
script" ...

So I guess it will surely be possible to activate it later ?

Thank you

Simon
Post by Garming Sam
Unfortunately, there are other restrictions which disallow the use of
macros in the active directory code, so it wouldn't be as simple as that.
Thanks Denis for suggesting metze's branch. That might actually be the
most appropriate way to solve this issue. Although there have been other
ways of syncing passwords in the past, none of them are currently
compatible with active directory. You'd have to do perform some form of
migration, but that shouldn't be too difficult with the existing
plaintext passwords.
Metze has unfortunately been waiting for this to be merged for a while,
hopefully I can get this sped up.
Cheers,
Garming
Post by Fonteneau Simon
interesting !
Let me take a closer look at that.
I must send passwords in Office 365 and Google Apps.
Currently, My script works but it requires that Samba is configured
with the "Plain text Password" option. I want to change that.
"Check password script" could solve my problem.
"http://ltb-project.org/wiki/documentation/self-service-password" with
" post hook" solves my problem currently.
Check password script = /script/scriptpassword.sh %U
I will also see what offers me the patch of Garming Sam.
Simon https://blog.lesfourmisduweb.org
Post by Denis Cardon
Hi Simon,
Post by b***@lesfourmisduweb.org
Yes it could be interesting.
I want to use it to send the password has an API for other software. I
currently use the "Store passwords using reversible encryption" to use
my API. But I do not like this operation. I then use
"http://ltb-project.org/wiki/documentation/self-service-password" with
the " post hook"
If your need is to have a ssha/cryptsha256/512 hash of the user
password for third party apps authentication, you may take a look at
the patch of metze [1], it seems to do just that.
Cheers,
Denis
[1]
https://lists.samba.org/archive/samba-technical/2016-February/112300.html
Post by b***@lesfourmisduweb.org
Your patch it allows you also to retrieve the user name ?
Thank you verry much !
Post by g***@catalyst.net.nz
Currently the functionality is not implemented in active directory (I also
mistakenly thought it was, until I was corrected). Fortunately, I recently
implemented it as a result of someone else raising it. It is still lacking
some testing and needs some more work to be integrated upstream however. I
should be able to supply the patches I have so far in the next week or so
if you're interested.
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hi
Yes, active directory
Simon
Post by Garming Sam
Hi,
Are you running Samba active directory?
Cheers,
Garming
Post by b***@lesfourmisduweb.org
Hello
I Can not run a "check password script" in smb.conf
Somebody can you tell me if this is depecated?
I find nothing in the official documentation.
Simon
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...