Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: ippillihplm on July 01, 2014, 09:16:31 am

Title: 3.5: User Password Change [SOLVED]
Post by: ippillihplm on July 01, 2014, 09:16:31 am
How does a user change his password under 3.5 if the User Portal is now gone?  Is this just using the smbpasswd command for now?
Title: Re: 3.5: User Password Change
Post by: sheck on July 03, 2014, 02:48:50 pm
Any info about this? It's a blocker for us since User Corner is heavily used...

thanks
Title: Re: 3.5: User Password Change
Post by: ippillihplm on July 15, 2014, 11:20:55 am
I think I was able to find a way to accomplish this via a CGI script.  If anyone is interested, here is the CGI file that I used that I did a lot of searching for...

#!/usr/bin/perl
############################################################################
# Simple CGI script that uses smbpasswd to allow a user to change their
# password on a Windows domain controller.
#
# Written 2013-03-02 by Lester Hightower
############################################################################

use strict;
use CGI qw(:standard);
use IPC::Open3;
use Symbol 'gensym';

my $DOM_CONTROLLER = '127.0.0.1';
my $EXE_SMBPASSWD = '/usr/bin/smbpasswd';

my $q = CGI->new;
if (uc($q->request_method()) eq 'POST') {
  try_change_passwd($q);
} else {
  send_change_form($q);
}

exit;

############################################################################
############################################################################
############################################################################

sub send_change_form($) {
  my $q=shift @_;
  print $q->header('text/html');
  my @form_elements = (
        { 'name' => 'Username', 'html' =>
    textfield(-name=>'username', -value=>'',-size=>20,-maxlength=>80)
        },
        { 'name' => 'Current Password', 'html' =>
    password_field(-name=>'old_passwd', -value=>'',-size=>20,-maxlength=>80),
        },
        { 'name' => 'New Password', 'html' =>
    password_field(-name=>'new_passwd', -value=>'',-size=>20,-maxlength=>80),
        },
        { 'name' => 'Retype new password', 'html' =>
    password_field(-name=>'new_passwd2', -value=>'',-size=>20,-maxlength=>80),
        },
        );
  print
    "<html>\n" .
    "<head><title>Change Password</title></head>\n" .
    "<body>\n" .
    start_form(-method=>'POST') .
    "<table>\n" .
    make_form_table_fields($q, \@form_elements) .
    "<tr><td colspan=2 align=right>" .
        submit(-name=>'btn_chpasswd', -value=>'Change Password') .
        "</td></tr>\n" .
    "</table>\n" .
    end_form .
    "</body>\n" .
    "</html>\n";

  return;
}
sub make_form_table_fields($$) {
  my $q=shift @_;
  my $form_elements=shift @_;

  my $t='';
  foreach my $fe (@{$form_elements}) {
    my $name=$fe->{name};
    my $html=$fe->{html};
    $t.="<tr><td align=right>$name</td><td>$html</td></tr>\n";
  }
  return $t;
}


############################################################################

sub try_change_passwd($) {
  my $q=shift @_;
  print $q->header('text/html');

  my $username = $q->param('username');
  my $old_passwd = $q->param('old_passwd');
  my $new_passwd = $q->param('new_passwd');
  my $new_passwd2 = $q->param('new_passwd2');

  # \A and \z anchor the whole string; a bare "$" also matches before a trailing newline
  if ($username !~ m/\A[a-z._0-9]+\z/i) {
    print "Invalid username\n";
    return;
  }
  if (length($new_passwd) < 1) {
    print "New password cannot be blank.\n";
    return;
  }
  if ($new_passwd ne $new_passwd2) {
    print "Mismatch in new password verification.\n";
    return;
  }

  my($wtr, $rdr, $err);
  $err = gensym;
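  # List form of the command: each argument is passed as-is, no shell is involved
  my @cmd=($EXE_SMBPASSWD,'-D','0','-s','-U',$username);
  #warn "LHHD: running - " . join(" ", @cmd) . "\n";
  my $pid = open3($wtr, $rdr, $err, @cmd);
  # smbpasswd -s reads the old, new and retyped password from stdin, one per line
  print $wtr "$old_passwd\n$new_passwd\n$new_passwd2\n";
  close($wtr);  # signal end of input before waiting for the child
  waitpid( $pid, 0 );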
  my $child_exit_status = $? >> 8;

  if ($child_exit_status == 0) {
    print "Password changed successfully.";
  } else {
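    # Read everything the child wrote, not just the first line
    my $stdout = do { local $/; <$rdr> };
    my $stderr = do { local $/; <$err> };
    my $errmsg = defined $stdout ? $stdout : '';
    if (length($errmsg)) { $errmsg .= "\n-\n"; }
    $errmsg .= $stderr if defined $stderr;
    # Escape the tool output before embedding it in the HTML response
    print "Password change was not successful:<pre>" . $q->escapeHTML($errmsg) . "</pre>\n";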
  }
  return;
}
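
An added example, not part of the post above or of the original script: server-side validation of the four form fields before they are written to smbpasswd's stdin, since the form's maxlength is only enforced by the browser and a line break inside a field would shift the three lines that `smbpasswd -s` reads. The function names `validate_change_request` and `smbpasswd_stdin` are hypothetical, and the sample requests are constructed.

```perl
use strict;
use warnings;

# Added example, not part of the posted script. Function names are hypothetical.
my $MAX_LEN = 80;    # same limit as the form's -maxlength, enforced server-side

sub validate_change_request {
    my (%f) = @_;
    my @errors;
    for my $name (qw(username old_passwd new_passwd new_passwd2)) {
        my $v = $f{$name};
        if (!defined $v || $v eq '') { push @errors, "$name is missing"; next; }
        push @errors, "$name is too long" if length($v) > $MAX_LEN;
        # CR, LF and other control bytes would break the line-per-field input
        push @errors, "$name contains a control character"
            if $v =~ /[\x00-\x1f\x7f]/;
    }
    return @errors if @errors;

    # \A and \z anchor the whole string; a bare "$" also matches before a
    # trailing newline.
    push @errors, 'username has invalid characters'
        if $f{username} !~ /\A[a-z._0-9]+\z/i;
    push @errors, 'new passwords do not match'
        if $f{new_passwd} ne $f{new_passwd2};
    return @errors;
}

# Build the stdin payload only from a request that passed validation.
sub smbpasswd_stdin {
    my (%f) = @_;
    return join('', map { "$f{$_}\n" } qw(old_passwd new_passwd new_passwd2));
}

# Constructed sample requests (no real accounts or passwords).
my @samples = (
    { username => 'jdoe', old_passwd => 'old-Example1',
      new_passwd => 'new-Example2', new_passwd2 => 'new-Example2' },
    { username => "jdoe\n", old_passwd => 'x',
      new_passwd => "a\nb", new_passwd2 => "a\nb" },
    { username => 'jdoe', old_passwd => 'x',
      new_passwd => 'a' x 200, new_passwd2 => 'b' },
);
for my $s (@samples) {
    my @errors = validate_change_request(%$s);
    if (@errors) { print "rejected: ", join('; ', @errors), "\n"; next; }
    my $payload = smbpasswd_stdin(%$s);
    my $lines = () = $payload =~ /\n/g;
    print "accepted: $lines lines for smbpasswd stdin\n";
}
```
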
Title: Re: 3.5: User Password Change [SOLVED]
Post by: Szemy on September 01, 2014, 10:32:55 am
Hi
Nice but my problem ...
Password change was not successful:

Can't load /etc/samba/smb.conf - run testparm to debug it

testparm output all OK..
please help
Title: Re: 3.5: User Password Change [SOLVED]
Post by: ippillihplm on September 02, 2014, 07:36:06 am
Yep,

I later encountered this issue. The problem being, the user www-data, which is what the cgi/perl script is running as, is trying to access the smb.conf and openchange.conf files in the /etc/samba/ directory. There is no secure way, at least that I have found, to run the perl script so that it can access those conf files. Additionally, if you change the permissions on the files so that the user can access them, it is temporary at best. I have ended up running a crontab job that allows the user to access the files with the following commands in crontab:

Code:
0 * * * * setfacl -m "u:www-data:rx" /etc/samba/openchange.conf
0 * * * * setfacl -m "u:www-data:rx" /etc/samba/smb.conf

What this does is, on the hour, set the ACLs for the user www-data to allow it to access the necessary files. This has worked for me thus far, but no guarantees here.

-Michael