AD: password change bug?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

AD: password change bug?

Samba - General mailing list
Hello,

I'm using samba 4.5.8 (have not tried later), in a domain (linux
servers, windows clients).
some applications need to use IMAP and force us to use ASCII only
password
(read: thunderbird and other mobile apps)

If a user on win7/win10 changes password and uses non-ascii characters
the mail obviously does not work, but the rest of the domain is ok.


so we thought to use the "check password script".

something like:

#/bin/bash

read -t 2 PWD
ASCII_PWD=$(echo "$PWD"|iconv -f utf-8 -t ascii//TRANSLIT)
if [ "${PWD}" != "${ASCII_PWD}" ]; then
     exit 1
fi
exit 0



Simple, and it **seems** to work.

During testing and debugging I had the script output the input and all
possible conversions from all iconv-supported charsets to utf-8,
because I was seeing strange things. Nothing helped.

Sometimes I would get the correct euro (€) and pund (£) symbols,
but then the password would be truncated 5-8 chars later.
On input, **before** passing to iconv.
most of the times the conversion failed to produce something coherent.

So I would *guess* the input is utf-8, but although the script seems to
work,
I am not sure it should go in production, if it is a known problem/bug.

given this:
https://bugzilla.samba.org/show_bug.cgi?id=6411

I suspect it is an old bug, so the question is: should I report it
again?
anyone had this problem? thoughts?


Thank you,
Luca




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|

Re: AD: password change bug?

Samba - General mailing list
Mandi! Luca Fulchir via samba
  In chel di` si favelave...

> anyone had this problem? thoughts?

After fiddling a bit with that, some year ago (still on samba3/NT),
finally we have write down a policy (eg, a piace of paper punched on
the showcase ;-) that forbid user to use accented letters in password.

So, yes, this still is a problem. ;-)

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba