Dear Rowland:
Am 15.10.2023 um 10:54 schrieb Rowland Penny via samba:>> Dear Samba-experts:
>>
>> we migrated from Samba 3.6 to 4.18 and everything works well.
> I remember this, didn't you have a problem with the SID ?
Yes, that was me. I migrated a Samba3 server from a Solaris Sparc
machine to an Intel machine and it lasted quite some time until
I realized that all my problems were caused by the different
byte ordering of those two machines
>> But there are two problems where I need some expert-help:
>>
>> We are using a daemon that is running on our AD-server. It accepts
>> connections from remote machines and changes the passwords of
>> certain users.
> What users ?
> AD users or local users on a non domain joined computer ?
> If they are AD users, then you probably shouldn't be using smbpasswd
> and if they are local users on a non domain computer, then they
> probably shouldn't be in AD or you should be using something like:
All our users are stored within the AD. We offer some kind of
self-service for users that fogot their password. If they can prove
their identity by using their employee smart card they can open
a SSL-connection with a daemon that is running on our AD.
The daemon will accept the SSL connection only if a client
certificate was used. The daemon will then change the users
password, so it's doing almost the same thing that
"smbpasswd user" would be doing if started by root on the AD.
That's why I used smbpasswd.c as a starting point.
The Samba3-version of that daemon worked well for almost
20 years
With Samba3 I just added one sourcefile into source3/utils and
put some lines into the Makefile. With Samba4 I don't find a
way to tell the build-system to link the daemon with -lcrypto.
My daemon is doing the same initialiation that smbpasswd does.
But it warnes about a missing talloc stackframe, while
smbpasswd does not.
But while I'm writing this lines Ralph Boehme seems to have
answered my questions.
Peter