M. Hand
2011-Sep-07 20:54 UTC
[Puppet Users] Using Puppet to reset admin passwords on Windows
Please bare with me as I have VERY limited experience with this: I need to find a way to be able to reset administrator passwords on our network. Most of our network is Linux, however we are looking into the Windows side. Any help would be appreciated. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jacob Helwig
2011-Sep-07 21:42 UTC
Re: [Puppet Users] Using Puppet to reset admin passwords on Windows
On Wed, 07 Sep 2011 13:54:53 -0700, M. Hand wrote:> > Please bare with me as I have VERY limited experience with this: > > I need to find a way to be able to reset administrator passwords on > our network. Most of our network is Linux, however we are looking into > the Windows side. > > Any help would be appreciated. >Puppet only recently gained the ability to manage local users (though not yet passwords) on Windows, though it''s only in the latest development versions of 2.7.x. We''re planning on adding support for managing passwords for local users, though we''re still looking for a good way to do this that doesn''t require specifying the password in plain-text in the Puppet manifest. -- Jacob Helwig ,---- | Join us for PuppetConf, September 22nd and 23rd in Portland, OR | http://bit.ly/puppetconfsig `----
M. Hand
2011-Sep-08 16:51 UTC
[Puppet Users] Re: Using Puppet to reset admin passwords on Windows
Is there a way to have a Windows hashed password setup from the command line (ie we have a pw hash, how do we, on command line, update a users pw with that hash)? On Sep 7, 5:42 pm, Jacob Helwig <ja...@puppetlabs.com> wrote:> Puppet only recently gained the ability to manage local users (though > not yet passwords) on Windows, though it''s only in the latest > development versions of 2.7.x. > > We''re planning on adding support for managing passwords for local users, > though we''re still looking for a good way to do this that doesn''t > require specifying the password in plain-text in the Puppet manifest.-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Sep-08 16:55 UTC
Re: [Puppet Users] Re: Using Puppet to reset admin passwords on Windows
On Thu, Sep 8, 2011 at 9:51 AM, M. Hand <mattxhand@gmail.com> wrote:> Is there a way to have a Windows hashed password setup from the > command line (ie we have a pw hash, how do we, on command line, update > a users pw with that hash)? >That''s the problem we haven''t solved yet. Suggestions much appreciated!> > On Sep 7, 5:42 pm, Jacob Helwig <ja...@puppetlabs.com> wrote: > > > Puppet only recently gained the ability to manage local users (though > > not yet passwords) on Windows, though it''s only in the latest > > development versions of 2.7.x. > > > > We''re planning on adding support for managing passwords for local users, > > though we''re still looking for a good way to do this that doesn''t > > require specifying the password in plain-text in the Puppet manifest. > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-users@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > >-- Nigel Kersten Product Manager, Puppet Labs *Join us for **PuppetConf * <http://www.bit.ly/puppetconfsig> Sept 22/23 Portland, Oregon, USA. * * -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Craig White
2011-Sep-08 17:49 UTC
Re: [Puppet Users] Re: Using Puppet to reset admin passwords on Windows
On Sep 8, 2011, at 9:55 AM, Nigel Kersten wrote:> > > On Thu, Sep 8, 2011 at 9:51 AM, M. Hand <mattxhand@gmail.com> wrote: > Is there a way to have a Windows hashed password setup from the > command line (ie we have a pw hash, how do we, on command line, update > a users pw with that hash)? > > That''s the problem we haven''t solved yet. Suggestions much appreciated!---- Not much of a help here but there is a perl module for this - I know because webmin uses it. (ubuntu packaging) # apt-cache search smbhash libcrypt-smbhash-perl - generate LM/NT hash of a password for samba I did find this via Google http://stackoverflow.com/questions/334519/ldap-through-ruby-or-rails that suggests that something like this should work... OpenSSL::Digest::MD4.hexdigest(Iconv.iconv("UCS-2", "UTF-8", pass).join).upcase Craig -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Nigel Kersten
2011-Sep-08 18:28 UTC
Re: [Puppet Users] Re: Using Puppet to reset admin passwords on Windows
On Thu, Sep 8, 2011 at 10:49 AM, Craig White <craig.white@ttiltd.com> wrote:> > On Sep 8, 2011, at 9:55 AM, Nigel Kersten wrote: > > > > > > > On Thu, Sep 8, 2011 at 9:51 AM, M. Hand <mattxhand@gmail.com> wrote: > > Is there a way to have a Windows hashed password setup from the > > command line (ie we have a pw hash, how do we, on command line, update > > a users pw with that hash)? > > > > That''s the problem we haven''t solved yet. Suggestions much appreciated! > ---- > Not much of a help here but there is a perl module for this - I know > because webmin uses it. > > (ubuntu packaging) > # apt-cache search smbhash > libcrypt-smbhash-perl - generate LM/NT hash of a password for samba > > I did find this via Google > http://stackoverflow.com/questions/334519/ldap-through-ruby-or-rails > > that suggests that something like this should work... > OpenSSL::Digest::MD4.hexdigest(Iconv.iconv("UCS-2", "UTF-8", > pass).join).upcase > >It''s more that we would like to be able to preserve the behavior we get on *nix systems, where you can simply pass the hash around in Puppet manifests, Puppet can verify that the current hash matches the provided one, and can update the hash itself, all without having to expose the clear text password itself at any time. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.