bsdzone BSDZone - FreeBSD help, how-to guides, and articles.

  [ Home ]   [ Current News ]   [ Howto Archive ]   [ Books ]   [ Search ]   [ Links ]   [ Contact ]  [ About ]  


Change Windows passwords
Samba - 25 Mar 06

Change Active Directory passwords through the web.

Why would you want to do this?

Where I work we have multiple domains that are not trusted and our Exchange server uses one domain that has accounts for each person in every domain.
This means that when a person’s password expires for their Exchange account they have to come to us to reset their password on the domain where Exchange resides.
This is annoying to all involved.

So FreeBSD comes to the rescue. We can solve the problem in the following way.
1. Setup FreeBSD
2. Secure the machine ( whatever that means ) and lock down the firewall.
3. Install needed software.
4. Install cgi script to change the passwords

This howto will start on step 3.

# Install Samba 3
cd /usr/ports/net/samba3
make install clean

A screen will pop up asking what types of extras you want compiled in. I usually just add Active Directory support to the defaults.

# Install Apache13-Modssl ( I just like apache13 better, you can use apache 2 if you don’t )
cd /usr/ports/www/apache13-modssl
make install clean
add apache_enable=”YES” to /etc/rc.conf

# Setup your /usr/local/etc/apache/httpd.conf to your needs.
Make sure you have support for cgi.
AddHandler cgi-script .cgi .pl

# The directory where you put the cgi will have ExecCGI like,
Directory “/usr/local/www/data”
Options Indexes FollowSymLinks MultiViews ExecCGI

# DirectoryIndex should include index.cgi like,
DirectoryIndex index.cgi index.html index.php

The script that I use is just a chopped down version of Rajeev Kumar’s password sync.

# The script requires Perl Expect so install that first.
cd /usr/ports/lang/p5-Expect
make install clean

# Now get the script and put it where you want it ( Change extension to .cgi )
wget http://www.bsdzone.net/howto/howto_files/passchange/passchange.txt

# Edit the configuration options / html in the script, and check to see if it runs from the command line.

# Make sure that your firewalls allow everything through that samba needs.

#Now go to the location of your script, and try it out. ( It is a good idea to use SSL )

Hopefully it works.

Final step is to clean up the script, because I am lazy and probably missed things, then send it back to me :)

Leave a Reply