I have written a Samba administrative perl script that I wanted to share with
the community.
We use Samba3 with a tdbsam backend (set to be synchronized with the UNIX
password database). Our users are Windows XP clients with roaming profiles.
During the course of supporting our users, our techs frequently need to login
*as* specific users to work on their windows profile, such as Outlook profile
settings, check out their user specific problem reports, etc. The trouble is
that if we don't know their password (which we don't generally want to know) we
have to change their password, and then somehow alert them to the new password
so that they can login and reset their password when they get back to their PC
after we've worked on it.
This has been a cumbersome problem for us for a while, and to solve it, I
finally wrote tmp-admin-pwreset.pl. What it does is simple: you pass it a list
of usernames and a temporary password. It will reset the password of all the
supplied users (Samba and UNIX) to the temporary password, but first will
backup the current password *hashes* for each of the users to a file, so that
they can be reset to their original values later on. You then call the script
in another mode ("--restore") and it sets all the password hashes for both UNIX
and Samba to what they were originally.
This effectively allows administrators to be able login as specific users
without knowing their password, and without having to change their password
either. Users won't even know anything changed at all (and won't call the
helpdesk because they can't login; didn't see the note, didn't listen to the
voicemail, etc).
I wrote this for our own use, however, I thought it might be useful to others,
so I am sharing it.
If anyone is interested, the script and documentation can be downloaded here:
http://devzone.intellitree.com/projects/tmp-admin-pwreset
Best regards,
Henry Van Styn
IntelliTree Solutions llc
http://www.intellitree.com
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
