Patrick Goetz
2022-Mar-12 20:53 UTC
[Samba] How to test that the administrator password is correct in a script?
I have a script which creates user accounts, makes home directories, adds the users to groups, etc., but I'd like to make it more elegant. Right now if the administrator password is incorrectly entered you get a bunch of python errors as output. Also, since the script runs as root, some steps (e.g. home directory creation) are carried out even if the user creation fails because the administrator password was entered incorrectly. I'd like to check the correctness of the password before actually doing anything -- has anyone figured out a good way to do this? My thought was to run some command as administrator and exit if the output indicates that the correct data wasn't retrieved. This problem is compounded by the fact that it appears samba-tool only works on a DC -- is this correct? Whenever I try to run something like samba-tool user list -U administrator on a client machine I just get a bunch of python errors. Seems like it should be possible to make this tool work from anywhere in the domain.
Rowland Penny
2022-Mar-12 21:12 UTC
[Samba] How to test that the administrator password is correct in a script?
On Sat, 2022-03-12 at 14:53 -0600, Patrick Goetz via samba wrote:> I have a script which creates user accounts, makes home directories, > adds the users to groups, etc., but I'd like to make it more elegant. > > Right now if the administrator password is incorrectly entered you > get a > bunch of python errors as output. Also, since the script runs as > root, > some steps (e.g. home directory creation) are carried out even if > the > user creation fails because the administrator password was entered > incorrectly.Use 'kinit' to test the Administrator password: echo "$THE_PASSWORD" | kinit Administrator ; status="$?" ; echo "$status" Having done that, you can then use kerberos with script.> > I'd like to check the correctness of the password before actually > doing > anything -- has anyone figured out a good way to do this? My thought > was > to run some command as administrator and exit if the output > indicates > that the correct data wasn't retrieved. > > This problem is compounded by the fact that it appears samba-tool > only > works on a DC -- is this correct? Whenever I try to run something > likeNo, you can run must of the commands on a Unix domain member by using '-H' e.g. -H ldap://dc1> > samba-tool user list -U administrator > > on a client machine I just get a bunch of python errors. Seems like > it > should be possible to make this tool work from anywhere in the > domain.You can create the users Unix homedir on the fly with a 'root preexec' script. Rowland