syncpasswords/getpassword: some examples, please...

syncpasswords/getpassword: some examples, please...

Samba - General mailing list

[Clearly, this question is intimately connected to the previous...]

I need a way to ''preprocess'' or at least intercept password changes,
because I need to propagate them to other ''legacy'' systems.

I've looked around and found syncpasswords / getpassword samba-tool
commands, but really I've not understood how they work.
It seems to me that they can be useful in my scope, but really I've not
understood how.

Googling around led me to some mailing list posts, but that was not
sufficient (at least to me) to understand.
The wiki seems to have nothing on this topic.


Can someone explain it to me? Thanks.

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (tax code 00307430132, category ONLUS or RICERCA SANITARIA)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: syncpasswords/getpassword: some examples, please...

Samba - General mailing list
On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
[hidden email]> wrote:

>
> [Clearly, this question is intimately connected to the previous...]
>
> I need a way to ''preprocess'' or at least intercept password changes,
> because I need to propagate them to other ''legacy'' systems.
>
> I've looked around and found syncpasswords / getpassword samba-tool
> commands, but really I've not understood how they work.
> It seems to me that they can be useful in my scope, but really I've not
> understood how.
>
> Googling around led me to some mailing list posts, but that was not
> sufficient (at least to me) to understand.
> The wiki seems to have nothing on this topic.
>
>
> Can someone explain it to me? Thanks.
>

Here are some instructions I have from our implementation on CentOS 7 and
Samba 4.5.

- configure gpg encrypted password for syncing to external system
  # gpg2 --gen-key
  # gpg2 --list-keys --keyid-format LONG

- add the pub key to "password hash gpg key ids" in smb.conf

- configure password script
  # samba-tool user syncpasswords --script=/some_folder/some_script.py \
      --cache-ldb-initialize --decrypt-samba-gpg \
      --attributes=virtualClearTextUTF8,sAMAccountName
  # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log --daemon

some_script.py receives the username (sAMAccountName) and password
(virtualClearTextUTF8) in base64. The script ends with print 'DONE-EXIT: '.


Dale
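
Added example, not part of Dale's post and not Samba's own code: a sketch of
what some_script.py could look like under the interface described above. It
assumes the script receives one user's LDIF record on stdin, with base64
values marked by "::"; propagate() and the sample record are hypothetical.

```python
import base64
import sys

# Constructed sample record (not real data); assumed shape of the per-user LDIF.
SAMPLE_LDIF = (
    "dn: CN=alice,CN=Users,DC=example,DC=com\n"
    "sAMAccountName: alice\n"
    "virtualClearTextUTF8:: "
    + base64.b64encode("s3cr\u00e9t-pass".encode("utf-8")).decode("ascii") + "\n"
)

def parse_user_ldif(text):
    """Return {lowercased attribute: bytes} for a single-user LDIF record."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:      # folded continuation line
            logical[-1] += line[1:]
        elif line and not line.startswith("#"):
            logical.append(line)
    attrs = {}
    for line in logical:
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):                  # "attr:: <base64 value>"
            attrs[name.lower()] = base64.b64decode(rest[1:].strip())
        else:                                     # "attr: <plain value>"
            attrs[name.lower()] = rest.strip().encode("utf-8")
    return attrs

def propagate(username, password):
    """Hypothetical hook into the legacy system; never log the password."""
    return True

def handle(ldif_text, sink=propagate):
    """Process one record and return the status line for stdout."""
    attrs = parse_user_ldif(ldif_text)
    if "samaccountname" not in attrs:
        return "ERROR: record has no sAMAccountName"
    user = attrs["samaccountname"].decode("utf-8")
    if "virtualcleartextutf8" not in attrs:       # no cleartext: skip (a choice)
        return "DONE-EXIT: skipped %s" % user
    ok = sink(user, attrs["virtualcleartextutf8"].decode("utf-8"))
    return ("DONE-EXIT: synced %s" if ok else "ERROR: sync failed for %s") % user

if __name__ == "__main__":
    status = handle(sys.stdin.read())
    print(status)                                 # status line only, never the secret
    sys.exit(0 if status.startswith("DONE-EXIT: ") else 1)
```

Because the script handles cleartext passwords, keep it and the GPG private
key readable by root only.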

Re: syncpasswords/getpassword: some examples, please...

Samba - General mailing list
Hello! Dale Renton via samba
  On that day it was said...

> Here are some instructions I have from our implementation on CentOS 7 and
> Samba 4.5.

It is a good starting point. Thanks!

--
dott. Marco Gaiarin        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''          http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

                Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
        (tax code 00307430132, category ONLUS or RICERCA SANITARIA)


Re: syncpasswords/getpassword: some examples, please...

Samba - General mailing list
On Wed, 27 Sep 2017 17:18:45 -0300
Dale Renton via samba <[hidden email]> wrote:

> On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
> [hidden email]> wrote:
>
> >
> > [Clearly, this question is intimately connected to the previous...]
> >
> > I need a way to ''preprocess'' or at least intercept password
> > changes, because I need to propagate them to other ''legacy''
> > systems.
> >
> > I've looked around and found syncpasswords / getpassword samba-tool
> > commands, but really I've not understood how they work.
> > It seems to me that they can be useful in my scope, but really I've
> > not understood how.
> >
> > Googling around led me to some mailing list posts, but that was not
> > sufficient (at least to me) to understand.
> > The wiki seems to have nothing on this topic.
> >
> >
> > Can someone explain it to me? Thanks.
> >
>
> Here are some instructions I have from our implementation on CentOS 7
> and Samba 4.5.
>
> - configure gpg encrypted password for syncing to external system
>   # gpg2 --gen-key
>   # gpg2 --list-keys --keyid-format LONG
>
> - add the pub key to "password hash gpg key ids" in smb.conf
>
> - configure password script
>   # samba-tool user syncpasswords --script=/some_folder/some_script.py \
>       --cache-ldb-initialize --decrypt-samba-gpg \
>       --attributes=virtualClearTextUTF8,sAMAccountName
>   # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log --daemon
>
> some_script.py receives the username (sAMAccountName) and password
> (virtualClearTextUTF8) in base64. The script ends with print
> 'DONE-EXIT: '.
>
>
> Dale

You could just have posted a link to the webpage:

https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP

Rowland
