Yannick Tousignant
2002-May-21 13:24 UTC
[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
Hi, I've compiled samba 2.2.4 on a Redhat 7.1 machine, working with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX, which I fixed myself to fit my needs. Everything works very fine when running the scripts in shell mode... but!

In smb.conf :
============
add user script = /usr/local/sbin/smbldap-useradd.pl -w %u

This line doesn't work and it should, because when running it in a shell, everything works fine.

Again in smb.conf :
==================
unix password sync = yes
passwd program = /usr/local/sbin/passwd.sh %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*all*authentication*tokens*updated*successfully*

I made my own bash script to sync the ldap (posix) password, while samba seems to handle the samba (LANMAN AND NTHASH) password itself.

The password change works very fine, but when I try to update pwdMustChange to reset its value when a user has changed his password, pwdMustChange isn't modified like it should be. Again, everything works very fine when running my script in shell mode.

Here it is :
---------------------CUT HERE--------------------------------------------------
#!/bin/bash

echo -n "New password : "
read PASS1
echo -n "Retype new password : "
read PASS2

if [ "$PASS1" = "$PASS2" ]
then

    echo "dn: uid=$1,ou=Users,dc=OKA" > /tmp/ldap.mod
    echo "changetype: modify" >> /tmp/ldap.mod
    echo "replace: pwdMustChange" >> /tmp/ldap.mod
    echo "pwdMustChange: 2147483647" >> /tmp/ldap.mod
    echo "" >> /tmp/ldap.mod

    # NOT WORKING...!!!
    /usr/local/bin/ldapmodify -v -x -h 127.0.0.1 -D 'cn=ADMIN,dc=OKA' -w 'secret' -r -f /tmp/ldap.mod
    rm -f /tmp/ldap.mod

    # WORKING!
    /usr/local/bin/ldappasswd -x -h 127.0.0.1 -D 'cn=ADMIN,dc=OKA' \
        -w 'secret' uid=$1,ou=Users,dc=OKA -s $PASS1 > /dev/null

    echo "all authentication tokens updated successfully"

else
    echo "Passwords do not match"
fi

#END
---------------------CUT HERE--------------------------------------------------

There is something I don't get: first I thought maybe samba wasn't interpreting perl, but when my second script failed.. and after many hours trying to understand, I'm pretty lost right now!

Btw, thanks to the samba team, openldap team and idealx for all the great development you've been doing!

Hope I can find a way to make things work.

Yannick Tousignant
==================
Gestion Informatique OKA ltée.
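A hardened variant of the passwd.sh posted above, as an added example that is not part of the original message: it validates %u, pipes the LDIF to ldapmodify instead of writing /tmp/ldap.mod, keeps both passwords out of argv, and logs each command's output and exit status so that a failure under smbd is not silent. LDAP_URI, BIND_PW_FILE, LOG, BASE and the function names are assumptions; -H, -y and -T are options of current OpenLDAP client tools.

```shell
#!/bin/sh
# Added example, not the poster's script. Variable and function names are assumed.
LDAP_URI=${LDAP_URI:-ldap://127.0.0.1}
BIND_DN=${BIND_DN:-cn=ADMIN,dc=OKA}
BIND_PW_FILE=${BIND_PW_FILE:-/etc/samba/ldap-bind.pw}  # assumed path, mode 0600, no trailing newline
LOG=${LOG:-/var/log/samba/passwd-sync.log}             # assumed path
BASE=ou=Users,dc=OKA                                   # from the posted script

# Accept only plain account names so %u cannot inject DN or LDIF syntax.
valid_uid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Emit the LDIF on stdout instead of writing a fixed, world-readable /tmp/ldap.mod.
build_ldif() {
    valid_uid "$1" || return 1
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: pwdMustChange\npwdMustChange: 2147483647\n' "$1" "$BASE"
}

# Run one step; send its stdout/stderr and exit status to $LOG.
run_logged() {
    step=$1; shift
    if "$@" >>"$LOG" 2>&1; then rc=0; else rc=$?; fi
    printf '%s step=%s rc=%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$step" "$rc" >>"$LOG"
    return "$rc"
}

main() {
    uid=$1
    valid_uid "$uid" || { echo "invalid user name"; return 1; }
    printf 'New password : ';        IFS= read -r pass1
    printf 'Retype new password : '; IFS= read -r pass2
    [ "$pass1" = "$pass2" ] || { echo "Passwords do not match"; return 1; }
    umask 077; pwfile=$(mktemp) || return 1
    trap 'rm -f "$pwfile"' EXIT
    printf '%s' "$pass1" >"$pwfile"      # shell builtin: password never appears in ps output
    build_ldif "$uid" | run_logged ldapmodify /usr/local/bin/ldapmodify -x \
        -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" || return 1
    run_logged ldappasswd /usr/local/bin/ldappasswd -x -H "$LDAP_URI" -D "$BIND_DN" \
        -y "$BIND_PW_FILE" -T "$pwfile" "uid=$uid,$BASE" || return 1
    echo "all authentication tokens updated successfully"
}
if [ $# -gt 0 ]; then main "$@"; fi
```

The final line printed is unchanged, so the posted passwd chat still applies; the log file is where to look when smbd reports a failed change.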
Philip Burrow
2002-May-21 14:19 UTC
[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
> Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working
> with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX
> which i fixed myself to fit my needs. Everything work very fine
> when running the scripts in shell mode... but!

<snip>

I had something like this. Check your password chat and make sure you set it to what it actually is when you run it on the shell. I can't remember off-hand what mine at work is, but I will post it tomorrow. The default from the IDEALX howto did not work for me.

There's also a problem with smbldap-passwd.pl whereby the wrong ldappasswd command is issued in the script:

    $ret = system "$ldappasswd $dn -s $pass > /dev/null";

should be:

    $ret = system "$ldappasswd -s $pass $dn > /dev/null";

Increase your log level and check your logs, because this is how I found out what mine was doing.

HTH

Phil
Steve Meisner
2002-May-21 17:46 UTC
[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
Yannick Tousignant wrote:

> unix password sync = yes
> passwd program = /usr/local/sbin/passwd.sh %u
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *all*authentication*tokens*updated*successfully*
>

I think your passwd chat is the problem. In RedHat and Mandrake they have this string as two lines in the distributed smb.conf file. There needs to be a space between ...%n\n on the first line and *all*aut... on the second (continued line). I don't know if adding a space at the start of the first line will fix it or not. I fixed it by joining the first line with the second line and adding the space; i.e.,

    ...Retype*new*password* %n \n *all*authentication...

--
"Don't steal, the Government hates competition!"
SCM Enterprise
smeisner@concentric.net | http://www.concentric.net/~Smeisner
Courtesy of Netscape and Linux 2.4 [running 2.4.18]
Yannick Tousignant
2002-May-22 06:00 UTC
[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
Hi everyone,

I think some people misunderstood my first message. I'm trying to execute commands with the "add user script" and "unix passwd sync" settings in smb.conf. The problem is, those commands are working fine when running them on the command line, but when executed by samba through the smb.conf settings, they fail silently or are half executed.

Thanks for your time,

Yannick Tousignant
Gerald (Jerry) Carter
2002-May-28 19:57 UTC
[Samba] Samba+PDC+LDAP (add user script + unix passwd sync) Can't call perl script
On Tue, 21 May 2002, Yannick Tousignant wrote:

> Hi, i've compiled samba 2.2.4 on a Redhat 7.1 machine, working
> with openldap 2.0.23. I also downloaded smbldap-tools from IDEALX
> which i fixed myself to fit my needs. Everything work very fine
> when running the scripts in shell mode... but!

What shows up in a level 10 debug log? The shell scripts do have the 'x' bit set right?

cheers, jerry

---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"Sam's Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--