@MXMLN-sec
Last active October 4, 2018 16:28
Change LDAP Password

This script bypasses your company's password policy, under which you must change your password at intervals and are not allowed to reuse the last X passwords.

Dependencies:

  • smbpasswd
  • pwgen

pwgen:

  • -c Include at least one capital letter in the password
  • -n Include at least one number in the password
  • -1 Print the generated passwords one per line

#!/bin/bash
## Check dependencies
type smbpasswd > /dev/null 2>&1
if [[ $? -ne 0 ]]; then
    echo -e >&2 "\e[31mERROR 2: smbpasswd is required but not installed\e[39m"
    exit 2
fi
type pwgen > /dev/null 2>&1
if [[ $? -ne 0 ]]; then
    echo -e >&2 "\e[31mERROR 3: pwgen is required but not installed\e[39m"
    exit 3
fi
## Get the LDAP sAMAccountName
while [[ $username == '' ]]; do
    read -r -p "Please enter your sAMAccountName, followed by [ENTER]: " username
done
echo -e "\e[32mThis script will be executed as \e[4m$username\e[24m ...\e[39m"
## Get the current password
echo -e "\e[31mDO NOT INTERRUPT THE SCRIPT AFTER THE FOLLOWING [ENTER]\e[39m\n"
while [[ $password == '' ]]; do
    # -r keeps backslashes in the password intact
    read -r -s -p "Please enter your current password, followed by [ENTER]: " password
done
echo -e ""
## Set constants
readonly dc="IP-ADDRESS OR FQDN"
## Set variables
current=$password
status=0
runs=12
## Main
### Loop changes the password $runs - 1 times
for i in $(seq 1 $((runs-1))); do
    new=$(pwgen -cn1)
    if [[ $status -eq 0 ]]; then
        echo -ne "Change sequence $i to $new ";
        # printf passes the passwords verbatim (echo -e would interpret backslashes)
        printf '%s\n' "$current" "$new" "$new" | smbpasswd -s -U "$username" -r "$dc" &> /dev/null
        status=$?
        if [[ $status -eq 0 ]]; then
            sleep 3
            echo -ne "\t\e[32m[ OK ]\e[39m\n"
        else
            # Check if the script fails at the first attempt > probably wrong username or password
            if [[ $i -ne 1 ]]; then
                echo -ne "\t\e[31m[ FAILED ]\e[39m\n"
            else
                echo -ne "\t\e[31m[ FAILED ]\e[39m\n"
                echo -ne "\e[31mPlease check your username and password!\e[39m\n"
            fi
        fi
        current=$new
    fi
done
### Changes the password one last time, back to the original password
if [[ $status -eq 0 ]]; then
    echo -ne "Change sequence $runs to current ";
    printf '%s\n' "$current" "$password" "$password" | smbpasswd -s -U "$username" -r "$dc" &> /dev/null
    # Capture the result of the final change; without this the check below is always true
    status=$?
    if [[ $status -eq 0 ]]; then
        sleep 3
        echo -ne "\t\e[32m[ OK ]\e[39m\n"
        echo -ne "\e[32mPassword change successfully finished!\e[39m\n"
    else
        echo -ne "\t\e[31m[ FAILED ]\e[39m\n"
    fi
fi
# Report failure to the caller instead of always exiting 0
exit $status
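
From the defender's side, the pattern this script produces (12 password changes by one account, a few seconds apart) stands out in audit logs, and a minimum password age in the domain password policy stops this kind of history cycling outright. The detection sketch below is an added example, not part of the original gist. Its input format (`epoch_seconds,event_id,account`), function names and sample events are constructed assumptions; 4723 is the Windows Security event ID for a password change attempt.

```bash
#!/bin/bash
# Added example (not from the gist): flag bursts of password changes.
# Assumed input on stdin, one event per line: epoch_seconds,event_id,account
# 4723 is the Windows Security event ID for a password change attempt.

# detect_pw_cycling THRESHOLD WINDOW_SECONDS
# Prints "account count" for each account whose busiest WINDOW_SECONDS-long
# sliding window holds at least THRESHOLD password change events.
detect_pw_cycling() {
    local threshold=$1 window=$2
    # Group by account, then order by time, so awk sees each account's run.
    sort -t, -k3,3 -k1,1n | awk -F, -v th="$threshold" -v win="$window" '
        $2 != 4723 { next }                 # ignore everything else
        $3 != acct {                        # first event of a new account
            acct = $3; head = 1; tail = 0; best[acct] = 0
        }
        {
            ts[++tail] = $1
            while (ts[tail] - ts[head] > win) head++   # slide the window
            n = tail - head + 1
            if (n > best[acct]) best[acct] = n
        }
        END { for (a in best) if (best[a] >= th) print a, best[a] }
    ' | sort
}

# Constructed sample events: jdoe changes the password 12 times about 4 s
# apart (the pattern the script above produces), asmith changes it once.
sample_log() {
    local t=1538670000 i
    for i in $(seq 0 11); do
        echo "$((t + i * 4)),4723,jdoe"
    done
    echo "$((t + 20)),4723,asmith"
    echo "$((t + 25)),4624,jdoe"            # logon event, not a change
}

sample_log | detect_pw_cycling 5 300        # → jdoe 12
```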