[K12OSN] User Accounts - Passwords

David Trask dtrask at vcsvikings.org
Fri Sep 9 01:15:17 UTC 2005 

mes4294 at lausd.k12.ca.us on Thursday, September 8, 2005 at 8:02 PM +0000
wrote:
>Dear List,
>
>I am using a K12 Federo 3 Server, running Samba - LDAP as my PDC. I just
>created 3500 users accounts using the add bulk script provided. The
>password
>was generated by the script. My question is, how do I modify the users to
>allow them to change there password at first login. For 3500 account it
>will
>be very time consuming to change the setting on each user one by one.
>
>Thanks for your help
>
>--mark
>
>_______________________________________________
>K12OSN mailing list
>K12OSN at redhat.com
>https://www.redhat.com/mailman/listinfo/k12osn
>For more info see <http://www.k12os.org>

Hi,

If using Windows...they can change their passwords now...as it is and it
will change both passwords (the Unix and Samba passwords).  The issue is
changing the password while in Linux....I have done some work on ACL's to
allow this, but have kinda' stalled at this point....I posted a how-to on
what I'd done so far and am seeking help from others to move
forward....below is the text of the message I posted earlier....so as it
stands right now...there's no user specific setting for changing
passwords....if you used smbldap-installer or followed my how-to....you
can simply change the passwords in Windows right now....or try the method
below.  OR...do what I did....and don't let them change their
passwords...simply give them the computer generated one.  It's working
great for us....if a kid forgets it....Ilook it up.....if it's
compromised....I generate a new one.  Works good and enforces at least a
half-decent password....no more first names and so forth as passwords.

Located here 
http://www.vcsvikings.org/linux/ACL-Stuff/smbldap-ACL-how-to.pdf    and 
here http://www.vcsvikings.org/linux/ACL-Stuff/smbldap-ACL-how-to.sxw   is
a quick doc I threw together with some ACL stuff I had been working on
last spring.  I documented what I did in this doc...it worked quite well
before, but I haven't tried it since.  Last time I tried it was with a
K12LTSP 4.2 system (FC3) and an earlier version of the smbldap-installer. 
I haven't had a chance to "bang on it", but would love it if some of you
would.  Give it a try, but NOT on a PRODUCTION SYSTEM as you will most
certainly hose it!  Use a sandbox.....what I normally use is a sandbox
(usually a regular desktop PC) and a Windows machine or two connected to
the sandbox as kind of a private LAN so I can test the domain and changing
Windows passwords....profiles...etc....without messing with the rest of my
network.  Maybe...with your help and ideas...we can get something working
that can easily be easily be dropped in on your existing system or at
least put into the smbldap-installer script so we can  have something in
place for the start of the school year.  No promises, but I'd sure like
you all to give it a try and see how it works for you....etc.  Keep me
(and everyone else) posted on your failures and successes....and once
again....DO NOT try this on a PRODUCTION system!  Thanks in advance for
your help!  :-)

David N. Trask
Technology Teacher/Coordinator
Vassalboro Community School
dtrask at vcsvikings.org
(207)923-3100

More information about the K12OSN mailing list