Just FYI for anyone interested, my other option may be to do password
resets on an IIS 6 box, but authenticate the user to the mit kerberos
realm using Shibboleth. (http://shibboleth.internet2.edu/) - We already
have a Shibboleth infrastructure in place so it wouldn't be that hard to do.
- Robbie
Eric Fleischman wrote:
(should have noted I repro'd this on ADAM, not AD....perhaps diff?)
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman
Sent: Wednesday, November 17, 2004 10:15 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] set AD password from linux?
Ah hah! Yes it does work. I just tried it. But there is a trick.
Trick: when doing this on XP, you must specify the creds explicitly, not
pass null to use currently logged on user.
~Eric
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick
Sent: Wednesday, November 17, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: Re: [ActiveDir] set AD password from linux?
Believe Joe is right here...
A little more outside of the box, is the kerberos set password protocols
outlined in RFC 3244 - if i recall MS even had some nice sample code
already
written for *nix application.
my .02
-steve
----- Original Message -----
From: "joe" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, November 17, 2004 7:56 AM
Subject: RE: [ActiveDir] set AD password from linux?
That will work for setting a password on AD (2K and K3)? I was under
the
impression you needed the 128 bit SSL if doing over straight LDAP.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric
Fleischman
Sent: Wednesday, November 17, 2004 10:50 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] set AD password from linux?
...or use ldap_opt_encrypt, but I don't know if your client side LDAP
api
supports that.
~Eric
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of joe
Sent: Wednesday, November 17, 2004 9:36 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] set AD password from linux?
Yes, it requires LDAP and a 128 bit SSL connection to the Domain
Controller.
http://support.microsoft.com/?kbid=269190
You also might be able to find something in the Samba package which
uses
the
NT Lan Man functionality. Though many would question just how secure
that
really is.
joe
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Robbie Foust
Sent: Wednesday, November 17, 2004 10:23 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] set AD password from linux?
Hi,
Is there a way to (securely) set an AD account password through a web
page
on a linux or unix machine running apache? Assume that we can
already
verify the user's identity.
Thanks!
- Robbie
--
Robbie Foust, IT Analyst
OIT/CASI - Administrative Information Support Duke University
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
--
Robbie Foust, IT Analyst
OIT/CASI - Administrative Information Support
Duke University
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
