Password

  • To enable the administrator (that is disabled by default from Windows 7 onwards):
    net user administrator /active:yes
  • With Samba4 becoming more relevant everyday as a drop in replacement for AD, below are the basics of password management in Samba4 using the samba-tool. The following code shows the commands dealing with passwords and account expiration.
     
    #Disable password expiration for the Administrator account.
    samba-tool user setexpiry Administrator --noexpiry

    #Show domain level password options.
    samba-tool domain passwordsettings show

    #Disable password complexity at the domain level.
    samba-tool domain passwordsettings set --complexity=off

    #Disable password history at the domain level.
    samba-tool domain passwordsettings set --history-length=0

    #Disable password min-age at the domain level.
    samba-tool domain passwordsettings set --min-pwd-age=0

    #Disable password max-age at the domain level.
    samba-tool domain passwordsettings set --max-pwd-age=0

    #Disable minimum password length at the domain level.
    samba-tool domain passwordsettings set --min-pwd-length=0
     
    QNAP NAS: This is also applicable to a QNAP NAS on version >= 4.3.x software, running in Domain Controller mode, with Domain Controller Users. For QNAP, the samba-tool is located in /usr/local/samba/bin.
    eg: I normally do at least the following on a QNAP NAS:
    cd /usr/local/samba/bin
    ./samba-tool domain passwordsettings set --max-pwd-age=0
    ./samba-tool domain passwordsettings set --history-length=2
    ./samba-tool domain passwordsettings set --min-pwd-length=5
     
  • Ubiquiti's stringent password requirements, when running the first-time-wizard, can be a pain on their UniFI controller. When installing the controller for the first time, satisfy the requirements when the wizard asks you to, knowing that you can run the following cmds to get the password back to something you actually want :-)
     
    Linux-based Ubiquiti Unifi Wireless Controller
     
    ♦ To create a salted, hashed password, do one of the following
     
    • For Ubuntu/Debian based distros, use the mkpasswd utility ('whois' pkg on Debian/Ubuntu):
      mkpasswd -m sha-512
    • For RHEL/CentOS/Fedora/ based distros, use python:
      python -c 'import crypt,getpass;pw=getpass.getpass(); print(crypt.crypt(pw), crypt.mksalt(crypt.METHOD_SHA512) if (pw==getpass.getpass("Confirm: ")) else exit())'
     
    ♦ To show the list of admins/users:
    mongo --port 27117 ace --eval "db.admin.find().forEach(printjson);"
     
     
    ♦ To update the password in the mongodb database for UniFI (replacing [USERNAME] with the appropriate username and [HASHED_PASSWORD] with the result from the password generation utility).:
    mongo --port 27117 ace --eval 'db.admin.update( { "name" : "[USERNAME]"}, { $set : { "x_shadow" : "[HASHED_PASSWORD]" } } )'
  • I had a situation where adding an Office 365 account to Outlook 2016 would produce the following window when asking for the user credentials:
    windows security empty window
    i.e. No entry fields for the login or password - huh?!?!?!
     
    After weeks of googling, letting it sit for a while, more googling, letting it sit for a while, even more googling I stumbled upon a Microsoft Technet forum page that hinted at the C:\ProgramData\Microsoft\User Account Pictures\user.bmp file not being to Windows liking. This rang a bell since as part of my setting up the customers Windows 7 DVD image for install I had made a custom user tile.
     
    Once I had opened the user.bmp in MS Paint and resaved (as a 24-bit Windows Bitmap File) all was good! I retried the Outlook 2016 Office 365 and BOOM! the User Tile, Login Name and Password all displayed, waiting for entry.