llaps

LAPS agent for linux

This python script will set a randomly generated password for root or other local account if the expiration date has passed in your Active Directory. Mimics behavior of LAPS (Local Administrator Password Solution) for Windows

Modifies:

Uses config settings, epoch time converter and password gen from macOSLAPS-Legacy https://github.com/joshua-d-miller/macOSLAPS-Legacy Joshua D. Miller - josh@psu.edu - The Pennsylvania State University Used under the The MIT License (MIT)

Samba machine password code provided by Andrew Bartlett https://samba.org/~abartlet/ based from discussion http://samba.2283325.n4.nabble.com/retrieve-machine-password-in-current-Samba-td4723249.html

All other code under CSIRO Open Source Software Licence Agreement (variation of the BSD / MIT License)

Usage

set default preferences you want directly or updating the instance (see example in main())

Available settings are:

copy llaps to somwhere in yout $PATH (/usr/local/bin is a good place)

schedule llaps to run on whatever schedule is convenient an example crontab might be: 0 8,12,16 * * 1-5 /usr/local/bin/llaps >/dev/null 2>&1 to run at 8am, 12pm and 4pm weekdays

llaps will read ms-Mcs-AdmPwdExpirationTime from the computers AD object and if the date has expired, will initiate a password change it will generate a random password and attempt to write this to the computers ms-Mcs-AdmPwd property in AD and update the ms-Mcs-AdmPwdExpirationTime property to the new expiration time. if the write is successful it will change the specified local account password to match.