[K12OSN] SMBLDAP - Requiring and facilitating password

Nick Fenger nick at trilliumcharterschool.org
Tue Dec 2 01:02:51 UTC 2008


Here's my script:
-------------------------------------------------- chpass.sh
--------------------------------------------------
#!/bin/bash
echo "Instructions:"
echo ""
echo "You will need to type your old password once, then you new password
twice."
echo "Nothing will show up on the screen when you are typing, just press
enter "
echo "after each password. Your password must be at least 6 characters long"
echo ""
echo "If everything worked, then you will get this message after typing all
of"
echo "your passwords: Password changed for user ... "
echo ""
/usr/bin/smbpasswd -r 192.168.10.110
read -p "Press any key exit"
-------------------------------------------------------------------------------------------------------------------

Command to run:
xterm -e "sh /usr/local/scripts/chpass.sh"

IceWM menu command:
prog "Change My Password"
/usr/share/icons/crystalsvg/16x16/actions/edit_user.png xterm -e "sh
/usr/local/scripts/chpass.sh"


2008/11/21 Rob Owens <rob.owens at biochemfluidics.com>

> Hmm, this is a little more complicated than I thought.
>
> I came up with a simpler idea though.  Create a custom launcher (for
> Gnome) that runs smbpasswd in a terminal.  Here it is, as text and as an
> attachment:
>
> [Desktop Entry]
> Encoding=UTF-8
> Version=1.0
> Type=Application
> Terminal=true
> Icon[en_US]=/usr/share/pixmaps/password.png
> Name[en_US]=Password
> Exec=/usr/bin/smbpasswd
> Comment[en_US]=Change your Samba password
> Name=Password
> Comment=Change your Samba password
> Icon=/usr/share/pixmaps/password.png
>
> If you want to provide some additional text for instructions, you can
> make the launcher call myscript.sh instead of smbpasswd.  myscript.sh
> would then be something like:
>
> #!/bin/bash
> echo "This utility will change your Linux and Windows password.  Please
> answer the following questions"
> /usr/bin/smbpasswd
>
> -Rob
>
>
> Rob Owens wrote:
> > Last time I tried, "passwd" did not work.  "smbpasswd" did work, though.
> >  Additionally, changing their password from a Windows machine supposedly
> > works (but I didn't test that).
> >
> > I don't know of a GUI for this.  You could probably write a quick one
> > using zenity.  Zenity makes it really easy to create dialog boxes.
> > Go to System, Help, and search for zenity.
> >
> > I'll see if I can piece together a script tomorrow.  Don't hold your
> > breath, though -- I'm not an expert.
> >
> > -Rob
> >
> >
> > Carl Keil wrote:
> >> Rob,
> >>
> >> Thank you for your reply.
> >> I think I'd be OK with just telling people they needed to do it.  If
> >> someone cracks their account and messes around it'll be a learning
> >> experience for them.
> >>
> >> I'm not clear on how ordinary users change their password in the SMBLDAP
> >> scheme though.   Does "passwd" work?  Is there a GUI?  These people are
> >> on clients, not the server.  And I want it to change the password in the
> >> LDAP database.
> >>
> >> Thanks,
> >>
> >> ck
> >>
> >>
> >>
> >>> Date: Thu, 20 Nov 2008 07:53:14 -0500 From: Rob Owens
> >>> <rob.owens at biochemfluidics.com> Subject: Re: SMBLDAP - Requiring and
> >>> facilitating password change at first logon To: "Support list for open
> >>> source software in schools." <k12osn at redhat.com> Message-ID:
> >>> <49255DBA.8040308 at biochemfluidics.com> Content-Type: text/plain;
> >>> charset="iso-8859-1" I don't know how to force that. But you could
> >>> *tell* them to do it, and then run a script the next day that attempts
> >>> to log in each student using the password that you assigned. If it's
> >>> successful, it can then change/disable the password, or email you, or
> >>> put their name on a list, or something. That way you'll know who
> >>> didn't follow instructions. -Rob Carl Keil wrote:
> >>>>> Hey,
> >>>>>> I've gotten a SMBLDAP server going on Centos.  I think it works
> >>>> really
> >>>>> well through all the testing I've done.  I'm about to convert people
> >>>>> over to using it.  What's the best way for making the kids change
> >>>> the PW
> >>>>> at first login (I didn't assign very good passwords when I set up the
> >>>>> accounts and now I'm worrying about it.)  Is there a GUI way to do
> >>>> this?
> >>>>>> Is there a way in LDAP to keep a person in the DB but not let
> >>>> them log
> >>>>> into workstations?  Like to toggle some sort of "active" field in
> >>>> the db?
> >>>>>> Oh, BTW all the workstations are Ubuntu 8.04, I'm hoping that
> >>>> simplifies
> >>>>> things.
> >>>>>> Thanks,
> >>>>>> ck
> >> __________
> ********************************************************
>
> The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. If you are not the addressee, any disclosure, reproduction,
> copying, distribution, or other dissemination or use of this transmission
> in
> error please notify the sender immediately and then delete this e-mail.
> E-mail transmission cannot be guaranteed to be secure or error free as
> information could be intercepted, corrupted lost, destroyed, arrive late or
> incomplete, or contain viruses.
> The sender therefore does not accept liability for any errors or omissions
> in the contents of this message which arise as a result of e-mail
> transmission. If verification is required please request a hard copy
> version.
>
> ********************************************************
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20081201/551f3cbb/attachment.htm>


More information about the K12OSN mailing list