Change password on first login on samba pdc

amjsoft · February 17, 2016, 12:11pm

Why NethServer 7 does not have the item “Change password on first login” equal to Univention ?

alefattorini · February 17, 2016, 2:25pm

This isn’t the first time I see this request, people said me that Windows PDC permits the same.
Would you like to describe the requested steps? I guess user have to know already the password set by the admin, right?

amjsoft · February 17, 2016, 6:52pm

Yes. Both Windows and the Univention allows this action.

When creating a new user, you can define a default password.
The user to log the first time, will be forced to create a new password before using the station.
I did a test with Univention, creating a new user. I realized in the creation screen that had a checkbox to perform this procedure. Upon entering a WIndows machine, appeared a password expired message forcing the user create a new password.
I tested on a machine VM VirtualBox.

amjsoft · February 17, 2016, 6:57pm

amjsoft · February 19, 2016, 7:12pm

I was checking the OpenLDAP documentation and noticed that I had a specific module ldap-useradmin -> edit_user.cgi dealing with new users and passwords. Extract the function to help implement my suggestion.

    # Show shadow password options
    if (&in_schema($schema, "shadowLastChange")) {
    print &ui_table_start($text{'uedit_passopts'}, "width=100%", 4, \@tds);

    # Last change date
    print &ui_table_row($text{'change'},
            ($uinfo{'change'} ? &make_date(timelocal(
                                   gmtime($change * 60*60*24)),1) :
             $n eq "" ? $text{'uedit_never'} :
                        $text{'uedit_unknown'}));

    # Expiry date
if ($in{'new'} &&
    $mconfig{'default_expire'} =~ /^(\d+)\/(\d+)\/(\d+)$/) {
	$eday = $1;
	$emon = $2;
	$eyear = $3;
	}
elsif ($expire) {
	@tm = localtime(timelocal(gmtime($expire * 60*60*24)));
	$eday = $tm[3];
	$emon = $tm[4]+1;
	$eyear = $tm[5]+1900;
	}
print &ui_table_row($text{'expire'},
	&useradmin::date_input($eday, $emon, $eyear, 'expire'));

    # Minimum and maximum days for changing
    print &ui_table_row($text{'min'},
            &ui_textbox("min", $in{'new'} ? $mconfig{'default_min'}
				      : $min, 5));
    print &ui_table_row($text{'max'},
            &ui_textbox("max", $in{'new'} ? $mconfig{'default_max'}
				      : $max, 5));

# Password warning days
    print &ui_table_row($text{'warn'},
            &ui_textbox("warn", $in{'new'} ? $mconfig{'default_warn'}
				       : $warn, 5));

# Inactive dats
    print &ui_table_row($text{'inactive'},
            &ui_textbox("inactive", $in{'new'} ?$mconfig{'default_inactive'}
				           : $inactive, 5));

# Force password change at next login
print &ui_table_row(
	$text{'uedit_forcechange'},
		&ui_yesno_radio("forcechange", 0));


print &ui_table_end();
}

davidep · February 19, 2016, 8:05pm

I bet Samba 4 DC ships this present, too

amjsoft · February 22, 2016, 2:08pm

Yes, it’s the samba 4.3.1.