interesting ! Let me take a closer look at that. I must send passwords in Office 365 and Google Apps. Currently, My script works but it requires that Samba is configured with the "Plain text Password" option. I want to change that. "Check password script" could solve my problem. "http://ltb-project.org/wiki/documentation/self-service-password" with " post hook" solves my problem currently. I wish I use it like this : Check password script = /script/scriptpassword.sh %U I will also see what offers me the patch of Garming Sam. Simon https://blog.lesfourmisduweb.org Le 16/06/2016 19:48, Denis Cardon a écrit :> Hi Simon, > > Le 10/06/2016 11:12, blog at lesfourmisduweb.org a écrit : >> >> Yes it could be interesting. >> I want to use it to send the password has an API for other software. I >> currently use the "Store passwords using reversible encryption" to use >> my API. But I do not like this operation. I then use >> "http://ltb-project.org/wiki/documentation/self-service-password" with >> the " post hook" > > If your need is to have a ssha/cryptsha256/512 hash of the user > password for third party apps authentication, you may take a look at > the patch of metze [1], it seems to do just that. > > Cheers, > > Denis > > [1] > https://lists.samba.org/archive/samba-technical/2016-February/112300.html > > >> >> Your patch it allows you also to retrieve the user name ? >> >> Thank you verry much ! >> >> >> Le 10/06/2016 10:41, garming at catalyst.net.nz a écrit : >>> Currently the functionality is not implemented in active directory (I >>> also >>> mistakenly thought it was, until I was corrected). Fortunately, I >>> recently >>> implemented it as a result of someone else raising it. It is still >>> lacking >>> some testing and needs some more work to be integrated upstream >>> however. I >>> should be able to supply the patches I have so far in the next week >>> or so >>> if you're interested. >>> >>> Cheers, >>> >>> Garming >>> >>> >>>> Hi >>>> >>>> Yes, active directory >>>> >>>> Simon >>>> >>>> Le 10/06/2016 03:37, Garming Sam a écrit : >>>>> Hi, >>>>> >>>>> Are you running Samba active directory? >>>>> >>>>> >>>>> Cheers, >>>>> >>>>> Garming >>>>> >>>>> On 10/06/16 00:28, blog at lesfourmisduweb.org wrote: >>>>>> Hello >>>>>> >>>>>> I Can not run a "check password script" in smb.conf >>>>>> Somebody can you tell me if this is depecated? >>>>>> I find nothing in the official documentation. >>>>>> >>>>>> Simon >>>>>> >>>> >>> >> >> >
Unfortunately, there are other restrictions which disallow the use of macros in the active directory code, so it wouldn't be as simple as that. Thanks Denis for suggesting metze's branch. That might actually be the most appropriate way to solve this issue. Although there have been other ways of syncing passwords in the past, none of them are currently compatible with active directory. You'd have to do perform some form of migration, but that shouldn't be too difficult with the existing plaintext passwords. Metze has unfortunately been waiting for this to be merged for a while, hopefully I can get this sped up. Cheers, Garming On 17/06/16 09:49, Fonteneau Simon wrote:> interesting ! > Let me take a closer look at that. > > I must send passwords in Office 365 and Google Apps. > Currently, My script works but it requires that Samba is configured > with the "Plain text Password" option. I want to change that. > > "Check password script" could solve my problem. > > "http://ltb-project.org/wiki/documentation/self-service-password" with > " post hook" solves my problem currently. > > I wish I use it like this : > Check password script = /script/scriptpassword.sh %U > > I will also see what offers me the patch of Garming Sam. > > Simon https://blog.lesfourmisduweb.org > > > > Le 16/06/2016 19:48, Denis Cardon a écrit : >> Hi Simon, >> >> Le 10/06/2016 11:12, blog at lesfourmisduweb.org a écrit : >>> >>> Yes it could be interesting. >>> I want to use it to send the password has an API for other software. I >>> currently use the "Store passwords using reversible encryption" to use >>> my API. But I do not like this operation. I then use >>> "http://ltb-project.org/wiki/documentation/self-service-password" with >>> the " post hook" >> >> If your need is to have a ssha/cryptsha256/512 hash of the user >> password for third party apps authentication, you may take a look at >> the patch of metze [1], it seems to do just that. >> >> Cheers, >> >> Denis >> >> [1] >> https://lists.samba.org/archive/samba-technical/2016-February/112300.html >> >> >>> >>> Your patch it allows you also to retrieve the user name ? >>> >>> Thank you verry much ! >>> >>> >>> Le 10/06/2016 10:41, garming at catalyst.net.nz a écrit : >>>> Currently the functionality is not implemented in active directory (I >>>> also >>>> mistakenly thought it was, until I was corrected). Fortunately, I >>>> recently >>>> implemented it as a result of someone else raising it. It is still >>>> lacking >>>> some testing and needs some more work to be integrated upstream >>>> however. I >>>> should be able to supply the patches I have so far in the next week >>>> or so >>>> if you're interested. >>>> >>>> Cheers, >>>> >>>> Garming >>>> >>>> >>>>> Hi >>>>> >>>>> Yes, active directory >>>>> >>>>> Simon >>>>> >>>>> Le 10/06/2016 03:37, Garming Sam a écrit : >>>>>> Hi, >>>>>> >>>>>> Are you running Samba active directory? >>>>>> >>>>>> >>>>>> Cheers, >>>>>> >>>>>> Garming >>>>>> >>>>>> On 10/06/16 00:28, blog at lesfourmisduweb.org wrote: >>>>>>> Hello >>>>>>> >>>>>>> I Can not run a "check password script" in smb.conf >>>>>>> Somebody can you tell me if this is depecated? >>>>>>> I find nothing in the official documentation. >>>>>>> >>>>>>> Simon >>>>>>> >>>>> >>>> >>> >>> >> > >
Hi Google provided a method ( for windows active directory ) that retrieves the password while editing . Some technical details are explained : https://support.google.com/a/answer/2920764 https://msdn.microsoft.com/fr-fr/library/windows/desktop/ms721766%28v=vs.85%29.aspx This is used with their software "Google Apps Password Sync" But, i Change the original function of the parameter "Check password script" ... So I guess it will surely be possible to activate it later ? Thank you Simon Le 17/06/2016 02:51, Garming Sam a écrit :> Unfortunately, there are other restrictions which disallow the use of > macros in the active directory code, so it wouldn't be as simple as that. > > Thanks Denis for suggesting metze's branch. That might actually be the > most appropriate way to solve this issue. Although there have been other > ways of syncing passwords in the past, none of them are currently > compatible with active directory. You'd have to do perform some form of > migration, but that shouldn't be too difficult with the existing > plaintext passwords. > > Metze has unfortunately been waiting for this to be merged for a while, > hopefully I can get this sped up. > > > Cheers, > > Garming > > On 17/06/16 09:49, Fonteneau Simon wrote: >> interesting ! >> Let me take a closer look at that. >> >> I must send passwords in Office 365 and Google Apps. >> Currently, My script works but it requires that Samba is configured >> with the "Plain text Password" option. I want to change that. >> >> "Check password script" could solve my problem. >> >> "http://ltb-project.org/wiki/documentation/self-service-password" with >> " post hook" solves my problem currently. >> >> I wish I use it like this : >> Check password script = /script/scriptpassword.sh %U >> >> I will also see what offers me the patch of Garming Sam. >> >> Simon https://blog.lesfourmisduweb.org >> >> >> >> Le 16/06/2016 19:48, Denis Cardon a écrit : >>> Hi Simon, >>> >>> Le 10/06/2016 11:12, blog at lesfourmisduweb.org a écrit : >>>> Yes it could be interesting. >>>> I want to use it to send the password has an API for other software. I >>>> currently use the "Store passwords using reversible encryption" to use >>>> my API. But I do not like this operation. I then use >>>> "http://ltb-project.org/wiki/documentation/self-service-password" with >>>> the " post hook" >>> If your need is to have a ssha/cryptsha256/512 hash of the user >>> password for third party apps authentication, you may take a look at >>> the patch of metze [1], it seems to do just that. >>> >>> Cheers, >>> >>> Denis >>> >>> [1] >>> https://lists.samba.org/archive/samba-technical/2016-February/112300.html >>> >>> >>>> Your patch it allows you also to retrieve the user name ? >>>> >>>> Thank you verry much ! >>>> >>>> >>>> Le 10/06/2016 10:41, garming at catalyst.net.nz a écrit : >>>>> Currently the functionality is not implemented in active directory (I >>>>> also >>>>> mistakenly thought it was, until I was corrected). Fortunately, I >>>>> recently >>>>> implemented it as a result of someone else raising it. It is still >>>>> lacking >>>>> some testing and needs some more work to be integrated upstream >>>>> however. I >>>>> should be able to supply the patches I have so far in the next week >>>>> or so >>>>> if you're interested. >>>>> >>>>> Cheers, >>>>> >>>>> Garming >>>>> >>>>> >>>>>> Hi >>>>>> >>>>>> Yes, active directory >>>>>> >>>>>> Simon >>>>>> >>>>>> Le 10/06/2016 03:37, Garming Sam a écrit : >>>>>>> Hi, >>>>>>> >>>>>>> Are you running Samba active directory? >>>>>>> >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Garming >>>>>>> >>>>>>> On 10/06/16 00:28, blog at lesfourmisduweb.org wrote: >>>>>>>> Hello >>>>>>>> >>>>>>>> I Can not run a "check password script" in smb.conf >>>>>>>> Somebody can you tell me if this is depecated? >>>>>>>> I find nothing in the official documentation. >>>>>>>> >>>>>>>> Simon >>>>>>>> >>>> >> >