Univention Bugzilla – Attachment 3969 Details for
Bug 24703
Passwort Rotation auf S4 Servern
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Script, das das Samba4-Rechnerpasswort auf das Passwort aus /etc/machine.secret setzt
samba4_set_machine_secret.sh (text/plain), 1.91 KB, created by
Arvid Requate
on 2011-12-06 12:50 CET
(
hide
)
Description:
Script, das das Samba4-Rechnerpasswort auf das Passwort aus /etc/machine.secret setzt
Filename:
MIME Type:
Creator:
Arvid Requate
Created:
2011-12-06 12:50 CET
Size:
1.91 KB
patch
obsolete
>#!/bin/sh ># ># Univention Samba4 ># password set script ># ># Copyright 2004-2011 Univention GmbH ># ># http://www.univention.de/ ># ># All rights reserved. ># ># The source code of this program is made available ># under the terms of the GNU Affero General Public License version 3 ># (GNU AGPL V3) as published by the Free Software Foundation. ># ># Binary versions of this program provided by Univention to you as ># well as other copyrighted, protected or trademarked materials like ># Logos, graphics, fonts, specific documentations and configurations, ># cryptographic keys etc. are subject to a license agreement between ># you and Univention and not subject to the GNU AGPL V3. ># ># In the case you use this program under the terms of the GNU AGPL V3, ># the program is provided in the hope that it will be useful, ># but WITHOUT ANY WARRANTY; without even the implied warranty of ># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ># GNU Affero General Public License for more details. ># ># You should have received a copy of the GNU Affero General Public ># License with the Debian GNU/Linux or Univention distribution in file ># /usr/share/common-licenses/AGPL-3; if not, see ># <http://www.gnu.org/licenses/>. > >eval "$(univention-config-registry shell)" > >set_machine_secret() { > ## 1. store password locally in secrets.ldb > current_kvn=$(ldbsearch -H /var/lib/samba/private/secrets.ldb samAccountName="${hostname}\$" msDS-KeyVersionNumber | sed -n 's/msDS-KeyVersionNumber: \(.*\)/\1/p') > new_kvno=$(($current_kvn + 1)) > > ldbmodify -H /var/lib/samba/private/secrets.ldb <<-%EOF > dn: flatname=${windows_domain},cn=Primary Domains > changetype: modify > replace: secret > secret:< file:///etc/machine.secret > - > replace: msDS-KeyVersionNumber > msDS-KeyVersionNumber: $new_kvno > - > %EOF > > ## 2. replace random machine secret in SAM with /etc/machine.secret > samba-tool user setpassword "${hostname}\$" --newpassword="$(cat /etc/machine.secret)" >} > >set_machine_secret
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3969">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 24703
:
3900
| 3969 |
4508
|
4509