samba - Sep 2017 - syncpasswords/getpassword: some examples, please...

[Clearly, this question is intimately connected to the previous...]

I need a way to ''preprocess'' or at least intercept password
changes,
because i need to propagate them to other ''legacy'' systems.

I've looked around and found syncpasswords / getpassword samba-tool
commands, but really i've not understood how they work.
Seems to me that can be useful in my scope, but really i've not
understood how.

Googling around lead me to some mailing list posts, but was not
sufficient (at least to me) to understand.
Wiki seems have nothing on this topic.


Someone can explain to me? Thanks.

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
samba at lists.samba.org> wrote:
>
> [Clearly, this question is intimately connected to the previous...]
>
> I need a way to ''preprocess'' or at least intercept
password changes,
> because i need to propagate them to other ''legacy''
systems.
>
> I've looked around and found syncpasswords / getpassword samba-tool
> commands, but really i've not understood how they work.
> Seems to me that can be useful in my scope, but really i've not
> understood how.
>
> Googling around lead me to some mailing list posts, but was not
> sufficient (at least to me) to understand.
> Wiki seems have nothing on this topic.
>
>
> Someone can explain to me? Thanks.
>
Here are some instructions I have from our implementation on CentOS 7 and
Samba 4.5.

- configure gpg encrypted password for syncing to external system
  # gpg2 --gen-key
  # gpg2 --list-keys --keyid-format LONG

- add the pub key to "password hash gpg key ids" in smb.conf

- configure password script
  # samba-tool user syncpasswords --script=/some_folder/some_script.py
--cache-ldb-initialize --decrypt-samba-gpg
--attributes=virtualClearTextUTF8,sAMAccountName
  # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log
--daemon

some_script.py receives the username (sAMAccountName) and password
(virtualClearTextUTF8) in base64. The script ends with print 'DONE-EXIT:
'.


Dale

Mandi! Dale Renton via samba
  In chel di` si favelave...
> Here are some instructions I have from our implementation on CentOS 7 and
> Samba 4.5.
It is a good starting point. Thanks!

-- 
dott. Marco Gaiarin				        GNUPG Key ID: 240A3D66
  Associazione ``La Nostra Famiglia''         
http://www.lanostrafamiglia.it/
  Polo FVG   -   Via della Bontà, 7 - 33078   -   San Vito al Tagliamento (PN)
  marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

		Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
      http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
	(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)

On Wed, 27 Sep 2017 17:18:45 -0300
Dale Renton via samba <samba at lists.samba.org> wrote:
> On Tue, Sep 26, 2017 at 1:30 PM, Marco Gaiarin via samba <
> samba at lists.samba.org> wrote:
> 
> >
> > [Clearly, this question is intimately connected to the previous...]
> >
> > I need a way to ''preprocess'' or at least intercept
password
> > changes, because i need to propagate them to other
''legacy''
> > systems.
> >
> > I've looked around and found syncpasswords / getpassword
samba-tool
> > commands, but really i've not understood how they work.
> > Seems to me that can be useful in my scope, but really i've not
> > understood how.
> >
> > Googling around lead me to some mailing list posts, but was not
> > sufficient (at least to me) to understand.
> > Wiki seems have nothing on this topic.
> >
> >
> > Someone can explain to me? Thanks.
> >
> 
> Here are some instructions I have from our implementation on CentOS 7
> and Samba 4.5.
> 
> - configure gpg encrypted password for syncing to external system
>   # gpg2 --gen-key
>   # gpg2 --list-keys --keyid-format LONG
> 
> - add the pub key to "password hash gpg key ids" in smb.conf
> 
> - configure password script
>   # samba-tool user syncpasswords --script=/some_folder/some_script.py
> --cache-ldb-initialize --decrypt-samba-gpg
> --attributes=virtualClearTextUTF8,sAMAccountName
>   # samba-tool user syncpasswords --logfile=/var/log/some_log_file.log
> --daemon
> 
> some_script.py receives the username (sAMAccountName) and password
> (virtualClearTextUTF8) in base64. The script ends with print
> 'DONE-EXIT: '.
> 
> 
> Dale
You could just have posted a link to the webpage:

https://dev.tranquil.it/wiki/SAMBA_-_Synchronisation_des_mots_de_passe_entre_un_Samba4_et_une_OpenLDAP

Rowland