Rowland Penny
2022-Mar-14  15:33 UTC
[Samba] How to test that the administrator password is correct in a script?
On Mon, 2022-03-14 at 09:23 -0500, Patrick Goetz via samba wrote:> Since this took longer than I thought to get right, I'm sharing the > bash > shell snippet used to test that the Administrator password the > script > user entered is correct before proceeding. I looked at Roland's > thing, > but this seemed simpler: > > ($DATASERVER can be any old computer bound to the domain) > ------------------------------------------------------------------- > --- > read -s -p "Administrator Password: " APASS > echo > > PWCHECK=$(samba-tool computer show $DATASERVER > --attributes=sAMAccountName -H ldap://samba-dc -U > "administrator%${APASS}" 2>&1) > > PWCHECK=${PWCHECK:0:2} > > if [ "${PWCHECK}" != "dn" ]; then > echo "Administrator password is incorrect" > exit 1 > fiYes, it is simpler, but your way is sending Administrators password over the wire, mine doesn't. Rowland
Patrick Goetz
2022-Mar-14  16:48 UTC
[Samba] How to test that the administrator password is correct in a script?
On 3/14/22 10:33, Rowland Penny via samba wrote:> On Mon, 2022-03-14 at 09:23 -0500, Patrick Goetz via samba wrote: >> Since this took longer than I thought to get right, I'm sharing the >> bash >> shell snippet used to test that the Administrator password the >> script >> user entered is correct before proceeding. I looked at Roland's >> thing, >> but this seemed simpler: >> >> ($DATASERVER can be any old computer bound to the domain) >> ------------------------------------------------------------------- >> --- >> read -s -p "Administrator Password: " APASS >> echo >> >> PWCHECK=$(samba-tool computer show $DATASERVER >> --attributes=sAMAccountName -H ldap://samba-dc -U >> "administrator%${APASS}" 2>&1) >> >> PWCHECK=${PWCHECK:0:2} >> >> if [ "${PWCHECK}" != "dn" ]; then >> echo "Administrator password is incorrect" >> exit 1 >> fi > > Yes, it is simpler, but your way is sending Administrators password > over the wire, mine doesn't. >Hmmm, that's a good point. I guess I assumed that the samba-tool communications would be encrypted -- is that not the case?> Rowland > > >