[cifs-protocol] [MS-SAMR] SamrSetInformationUser2 over an authenticated DCERPC connection [119040819792364]
Andreas Schneider
asn at samba.org
Fri Apr 12 21:14:39 UTC 2019
On Friday, 12 April 2019 22:10:00 CEST Obaid Farooqi wrote:
> Hi Andreas:
Hi Obaid,
> I need to dig deeper into this to find out what is happening.
> Can you please send me instructions on how to setup a Linux client to run
> the test you ran?
>
> My plan is to use Windows Subsystem for Linux (WSL) running Ubuntu to
> accomplish this but that is not a requirement, just a convenience as I'll
> not have to install Linux on a new VM.
if you're interesting in the case were the password change fails, you just
need to install samba-client on WSL running Ubuntu.
First create a user e.g. bob1 on an AD DC.
Then go to a console on WSL Ubuntu and run:
$ sudo apt-get install samba-client
Once you have that installed you can execute:
$ rpcclient ncacn_np:<windows ad server>[seal] -U Administrator%<admin
password>
-c "setuserinfo2 bob1 26 P at ssword0"
Where <windows ad server> is the dns domain name of your windows ad dc.
This will fail with an error NT_STATUS_WRONG_PASSWORD as it uses the wrong
session key.
If you want to use TCP/IP:
$ rpcclient ncacn_ip_tcp:<windows ad server>[seal] -U Administrator%<admin
password> -c "setuserinfo2 bob1 26 P at ssword0"
This will fail with an error NT_STATUS_WRONG_PASSWORD as it uses the wrong
session key.
I can send you the instructions how to build samba with my changes to use
"SystemLibraryDTC" as the session key. Then the above commands will succeed.
But as you need to clone the git repo and compile it, I need to lookup the
packages you need to install for Ubuntu first. I can do that on Monday.
Have a nice weekend,
Andreas
More information about the cifs-protocol
mailing list