Hi, we are using Samba4 since the first stable release, and we are fully satisfied. Our configuration is 2 DCs on opensuse13, samba 4.1.16 + bind, full sync (ad/gpo/netlogon), ~1k users, ~700 computers. We migrated to samba4 from the classic samba3/ldap backend without any big issue. We have the possibility to reset the password to the default one using a web form. On samba3/ldap we used the attribute "sambaPasswordHistory" to store this default password and restore it on request. This default password is stored as plaintext. How can I do this in Samba4 and AD schema? I digged a little bit in password history in AD but the comparison is done with hashes. I don't want to store this in a third party database... Thank for your support, Paul
Nice enviroment Paul.. have a look here. http://ltb-project.org/wiki/documentation/self-service-password Greetz, Louis>-----Oorspronkelijk bericht----- >Van: paul.de_vlieger at moniut.univ-bpclermont.fr >[mailto:samba-bounces at lists.samba.org] Namens Paul >Verzonden: woensdag 17 juni 2015 9:25 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Default password recovery feature > >Hi, >we are using Samba4 since the first stable release, and we are >fully satisfied. > >Our configuration is 2 DCs on opensuse13, samba 4.1.16 + bind, >full sync >(ad/gpo/netlogon), ~1k users, ~700 computers. >We migrated to samba4 from the classic samba3/ldap backend >without any big issue. > >We have the possibility to reset the password to the default >one using a web >form. On samba3/ldap we used the attribute >"sambaPasswordHistory" to store this >default password and restore it on request. This default >password is stored as >plaintext. > >How can I do this in Samba4 and AD schema? I digged a little >bit in password >history in AD but the comparison is done with hashes. I don't >want to store this >in a third party database... > >Thank for your support, >Paul > > > > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Thanks for that, it's pretty much our server-side web form to re-init passwords. The problem is that I need to store somewhere as plaintext the default password for each user, which is prompted to change at the 1st connexion. I turned on "--store-plaintext on" via samba-tool and read "supplementalCredentials", looked for "Store passwords using reversible encryption"... I don't think it's the right way since I don't want to be able to decode new passwords... Paul Le 17/06/2015 09:37, L.P.H. van Belle a ?crit :> Nice enviroment Paul.. > > have a look here. > http://ltb-project.org/wiki/documentation/self-service-password > > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: paul.de_vlieger at moniut.univ-bpclermont.fr >> [mailto:samba-bounces at lists.samba.org] Namens Paul >> Verzonden: woensdag 17 juni 2015 9:25 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] Default password recovery feature >> >> Hi, >> we are using Samba4 since the first stable release, and we are >> fully satisfied. >> >> Our configuration is 2 DCs on opensuse13, samba 4.1.16 + bind, >> full sync >> (ad/gpo/netlogon), ~1k users, ~700 computers. >> We migrated to samba4 from the classic samba3/ldap backend >> without any big issue. >> >> We have the possibility to reset the password to the default >> one using a web >> form. On samba3/ldap we used the attribute >> "sambaPasswordHistory" to store this >> default password and restore it on request. This default >> password is stored as >> plaintext. >> >> How can I do this in Samba4 and AD schema? I digged a little >> bit in password >> history in AD but the comparison is done with hashes. I don't >> want to store this >> in a third party database... >> >> Thank for your support, >> Paul >> >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >