using samba and ldap - redhat 7.3
trying to work on a short cgi to update samba password (it is a url with
attributes username and password). I am not very good at all with perl, so
if someone can take a quick ponder and help me out, that would be great.
I think that it fails in theory however, because to change other users
password, you need to be root ... So I was wondering if anyone knows what
the encryption the smbpasswd uses to write the 2 passwords to the LDAP
directory and then how to call them via a command line..then I can use the
ldapmodify to do the change .. however, that line fails as well in the code
below.
If anyone has ideas or solutions, that would be absolutely brillant.
--------
#!/usr/bin/perl
use CGI;
use strict;
my $app = new CGI;
my $username = $app->param('username');
my $password = $app->param('password');
use CGI;
use strict;
my $app = new CGI;
my $username = $app->param('username');
my $password = $app->param('password');
if ($username ne "" && $password ne "") {
my $md5 = `/usr/sbin/slappasswd -s $password -h {MD5}`;
my $temp_ldif = "dn: uid=USERNAME,ou=People,dc=prupref,dc=com
changetype: modify
replace: userPassword
userPassword: PASSWORD";
$temp_ldif =~ s/USERNAME/$username/;
$temp_ldif =~ s/PASSWORD/$md5/;
my $ldap_update = `echo "$temp_ldif\n" | /usr/bin/ldapmodify
-x -D
"cn=root,dc=prupref,dc=com" -w ROOTPASSWORD 2>&1`;
my $samba_update = `echo "$password\n$password\n" |
/usr/bin/smbpasswd -s $username 2>&1`;
print $app->header();
print $app->start_html();
print $app->h1({align=>'center'}, "Password
Changed");
print $app->h1("$md5");
print $app->h1("LDAP RESPONSE: $ldap_update");
print $app->h1("SAMBA RESPONSE: $samba_update");
print $app->end_html();
}
else {
print $app->header();
print $app->start_html();
print $app->h1({align=>'center'}, "Change Password
Utility");
print $app->end_html();
}
I have been able to do the same .. i am not using ldap ... below are few
lines of code in perl that might be of some help to u ...as far as changing
the password to become another user u can use the sudo to become other user
....please let me know if this helps ;-)
#!/usr/bin/perl
use CGI;
$cgi=new CGI;
print "Content-type: text/html\n\n";
$submit = $cgi->param('submit');
$pass_length = 5;
$sudo='/usr/bin/sudo';
$user=$cgi->param('user');
$oldpassword=$cgi->param('pass');
$newpassword=$cgi->param('newpass');
use Crypt::SmbHash;
my ($login,undef,$uid) = getpwnam($user);
ntlmgen $oldpassword, $lm, $nt; ### This generated encrypted password
system("$sudo","chpass1.pl","$user","$newpassword")
&& print " Cannot change
$! \n";
----- Original Message -----
From: "Chris McKeever" <cgmckeever@prupref.com>
To: <samba@lists.samba.org>
Sent: Monday, April 28, 2003 2:19 AM
Subject: [Samba] smbpasswd via cgi
> using samba and ldap - redhat 7.3
>
> trying to work on a short cgi to update samba password (it is a url with
> attributes username and password). I am not very good at all with perl,
so> if someone can take a quick ponder and help me out, that would be great.
>
> I think that it fails in theory however, because to change other users
> password, you need to be root ... So I was wondering if anyone knows what
> the encryption the smbpasswd uses to write the 2 passwords to the LDAP
> directory and then how to call them via a command line..then I can use the
> ldapmodify to do the change .. however, that line fails as well in the
code> below.
>
> If anyone has ideas or solutions, that would be absolutely brillant.
>
>
> --------
> #!/usr/bin/perl
>
> use CGI;
> use strict;
>
> my $app = new CGI;
>
>
> my $username = $app->param('username');
> my $password = $app->param('password');
>
> use CGI;
> use strict;
>
> my $app = new CGI;
>
>
> my $username = $app->param('username');
> my $password = $app->param('password');
>
> if ($username ne "" && $password ne "") {
>
> my $md5 = `/usr/sbin/slappasswd -s $password -h {MD5}`;
>
> my $temp_ldif = "dn: uid=USERNAME,ou=People,dc=prupref,dc=com
> changetype: modify
> replace: userPassword
> userPassword: PASSWORD";
>
> $temp_ldif =~ s/USERNAME/$username/;
> $temp_ldif =~ s/PASSWORD/$md5/;
>
> my $ldap_update = `echo "$temp_ldif\n" |
/usr/bin/ldapmodify -x -D
> "cn=root,dc=prupref,dc=com" -w ROOTPASSWORD 2>&1`;
>
> my $samba_update = `echo "$password\n$password\n" |
> /usr/bin/smbpasswd -s $username 2>&1`;
>
> print $app->header();
> print $app->start_html();
> print $app->h1({align=>'center'}, "Password
Changed");
> print $app->h1("$md5");
> print $app->h1("LDAP RESPONSE: $ldap_update");
> print $app->h1("SAMBA RESPONSE: $samba_update");
> print $app->end_html();
> }
> else {
> print $app->header();
> print $app->start_html();
> print $app->h1({align=>'center'}, "Change
Password Utility");
> print $app->end_html();
> }
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
That module was exactly what I was hoping for!!! One last piece (figure out why the ldapmodify fails), and I am gtg! Thank you Kiran!> -----Original Message----- > From: Kiran Kumar M [mailto:kiran.km@comat.com] > Sent: Sunday, April 27, 2003 11:51 PM > To: Chris McKeever; samba@lists.samba.org > Subject: Re: [Samba] smbpasswd via cgi > > > I have been able to do the same .. i am not using ldap ... > below are few > lines of code in perl that might be of some help to u ...as > far as changing > the password to become another user u can use the sudo to > become other user > ....please let me know if this helps ;-) > > #!/usr/bin/perl > > use CGI; > $cgi=new CGI; > print "Content-type: text/html\n\n"; > > $submit = $cgi->param('submit'); > $pass_length = 5; > $sudo='/usr/bin/sudo'; > > $user=$cgi->param('user'); > $oldpassword=$cgi->param('pass'); > $newpassword=$cgi->param('newpass'); > > use Crypt::SmbHash; > > my ($login,undef,$uid) = getpwnam($user); > ntlmgen $oldpassword, $lm, $nt; ### This generated encrypted password > system("$sudo","chpass1.pl","$user","$newpassword") && print > " Cannot change > $! \n"; > > > > > > > > > ----- Original Message ----- > From: "Chris McKeever" <cgmckeever@prupref.com> > To: <samba@lists.samba.org> > Sent: Monday, April 28, 2003 2:19 AM > Subject: [Samba] smbpasswd via cgi > > > > using samba and ldap - redhat 7.3 > > > > trying to work on a short cgi to update samba password (it > is a url with > > attributes username and password). I am not very good at > all with perl, > so > > if someone can take a quick ponder and help me out, that > would be great. > > > > I think that it fails in theory however, because to change > other users > > password, you need to be root ... So I was wondering if > anyone knows what > > the encryption the smbpasswd uses to write the 2 passwords > to the LDAP > > directory and then how to call them via a command > line..then I can use the > > ldapmodify to do the change .. however, that line fails as > well in the > code > > below. > > > > If anyone has ideas or solutions, that would be absolutely brillant. > > > > > > -------- > > #!/usr/bin/perl > > > > use CGI; > > use strict; > > > > my $app = new CGI; > > > > > > my $username = $app->param('username'); > > my $password = $app->param('password'); > > > > use CGI; > > use strict; > > > > my $app = new CGI; > > > > > > my $username = $app->param('username'); > > my $password = $app->param('password'); > > > > if ($username ne "" && $password ne "") { > > > > my $md5 = `/usr/sbin/slappasswd -s $password -h {MD5}`; > > > > my $temp_ldif = "dn: > uid=USERNAME,ou=People,dc=prupref,dc=com > > changetype: modify > > replace: userPassword > > userPassword: PASSWORD"; > > > > $temp_ldif =~ s/USERNAME/$username/; > > $temp_ldif =~ s/PASSWORD/$md5/; > > > > my $ldap_update = `echo "$temp_ldif\n" | > /usr/bin/ldapmodify -x -D > > "cn=root,dc=prupref,dc=com" -w ROOTPASSWORD 2>&1`; > > > > my $samba_update = `echo "$password\n$password\n" | > > /usr/bin/smbpasswd -s $username 2>&1`; > > > > print $app->header(); > > print $app->start_html(); > > print $app->h1({align=>'center'}, "Password Changed"); > > print $app->h1("$md5"); > > print $app->h1("LDAP RESPONSE: $ldap_update"); > > print $app->h1("SAMBA RESPONSE: $samba_update"); > > print $app->end_html(); > > } > > else { > > print $app->header(); > > print $app->start_html(); > > print $app->h1({align=>'center'}, "Change Password > Utility"); > > print $app->end_html(); > > } > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > >