[ale] Password script for NT4 Linux environment

Chris Fowler ChrisF at computone.com
Thu Nov 9 15:03:12 EST 2000





I handle this by allowing SMB to authenticate off the Windows PDC.  We had everyone in our company change their password and we still had access to the Samba machine.

Chris


-----Original Message-----
From: Dan Newcombe [mailto:Newcombe at mordor.clayton.edu]
To: ale at ale.org
Sent: Thursday, November 09, 2000 2:54 PM
To: ALE
Subject: Re: [ale] Password script for NT4 Linux environment



On Thu, 9 Nov 2000, Ben Phillips wrote:
> On Thu, 9 Nov 2000, Martin Nichols wrote:
> > I am looking for a password script that when a windoze user changes his
> > password it will also change the password in Linux for the password and
> > samba files for that user.
> I assume the user in question is going to be running this as a shell
> command.  In which case, he should just use smbpasswd (you can always rename
> /usr/bin/passwd and replace it with a symlink to smbpasswd if you have to),
> and then enable password synchronization in /etc/smb.conf.


However, that won't do jack if the person changes their NT4 password.  The
smbpasswd will just deal with it if they change their unix password.
Unless it has some way of getting the fact the password changed on the PDC
and getting that password...which I hopefully doubt!


When a user changes their NT password, there is a registry key that tells
it what dll's to look at, and if those dll's export PasswordChangeNotify,
then call that function in that dll.  That function is handed the
username, uid, and new password.  You could then have that function call
your Linux box and hand it the new password.  


Microsoft actually does this with their "Unix services for NT/nt services
for unix" via a daemon that runs on the HP or Solaris box listening for
these changes.


This dll you write can also export a PasswordFilter function, which allows
you to provide your own "is this an okay" password checking.


Of course, there are two hurdles:
        1) development is a bitch cause every recompile requires a reboot
                to replace the dll
        2) convincing the sys admin of the NT box to let you put it on the 
                server.


For more info:
http://support.microsoft.com/support/kb/articles/Q151/0/82.asp?LN=EN-US&SD=gn&FR=0
or just search for PasswordChangeNotify in the Knowledge Base at
microsoft.com.


        -Dan
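
Added example, not part of the original thread: because every DLL registered for password-change notification is handed the new cleartext password, the registered list is worth auditing. This sketch parses `reg query` output for the `Notification Packages` value under `HKLM\SYSTEM\CurrentControlSet\Control\Lsa` and flags entries outside a baseline; the baseline names and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: package names expected on this host; adjust to your own build.
BASELINE = {"scecli", "rassfm"}

# Constructed sample of `reg query` output (not taken from the thread).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Notification Packages    REG_MULTI_SZ    scecli\0rassfm\0pwsync\0C:\Temp\helper.dll
"""

def parse_packages(reg_output):
    """Return the entries of the 'Notification Packages' multi-string value."""
    pattern = r"\s*Notification Packages\s+REG_MULTI_SZ\s*(.*)$"
    for line in reg_output.splitlines():
        m = re.match(pattern, line, re.IGNORECASE)
        if m:
            # reg.exe prints REG_MULTI_SZ items separated by a literal "\0"
            return [p.strip() for p in m.group(1).split(r"\0") if p.strip()]
    return []

def audit(reg_output, baseline=BASELINE):
    """Return {entry: [reasons]} for entries that need a closer look."""
    findings = {}
    for entry in parse_packages(reg_output):
        reasons = []
        if entry.lower() not in baseline:
            reasons.append("not in baseline")
        # Packages are normally listed by bare name, not by path.
        if "\\" in entry or "/" in entry:
            reasons.append("path instead of bare name")
        if reasons:
            findings[entry] = reasons
    return findings

if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE).items():
        print(f"{entry}: {', '.join(reasons)}")
```
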

