Extracting accounts and passwords from Novel Netware
anders at cwd.no
anders at cwd.no
Sun Jul 30 20:55:49 GMT 2000
Folks,
Just to add some more of my ideas in here:
There is a package which does this from a Linux box (the std. nwfs package
I believe..)
I once wrote a program that authentificated users on a Squid Proxy against
a 3.12 Novell Server.
Hint: The BINDERY property "GROUPS I'M IN" is the groups the user is a
member of :)))
Maybe we should create support for novell passwords in samba? (Win NT is
doing something like this when you migrate
from Novell to NT... I think...)
Anders
"Rink Springer"
<rink at springer.cx> To: "James Sutherland" <jas88 at cam.ac.uk>, <anders at cwd.no>
Sent by: cc: <samba-technical at samba.org>,
samba-technical-admin <samba-technical-admin at samba.org>, "Richard Sharpe"
@samba.org <sharpe at ns.aus.com>
Subject: Re: Extracting accounts and passwords from Novel
Netware
30.07.2000 21:19
Hi everyone,
Anders is correct. You see, Novell 3.12 stored the password in the
so-called
'bindery', which works like the Windows Registry. Every account will is an
object, and it has a PASSWORD property. This property lists the password in
an encrypted form, as someone else posted the link to.
My advice: write a small program that extracts *all* users from the bindery
(one of the easiest things to do is use SECURITY and grep for USER NAME :)
and feed this list into adduser(8). If you need any help using this, just
ask me. Using the original passwords is a very hard thing, so I'd suggest
you drop that...
--Rink
----- Original Message -----
From: <anders at cwd.no>
To: "James Sutherland" <jas88 at cam.ac.uk>
Cc: <samba-technical at samba.org>; <samba-technical-admin at samba.org>;
"Richard
Sharpe" <sharpe at ns.aus.com>
Sent: Sunday, July 30, 2000 8:15 PM
Subject: Re: Extracting accounts and passwords from Novel Netware
>
> The "optional" enctyption you are speaking of was the communication on
the
> "wire".
>
> As far as I know 3.x had the passwords stored enctypted like unix, but
the
> authentification could use both clear-text methodes (for pre 3.x
> compatiblity) like telnet, or encrypted like ssh (not same algorithms,
but
> nice comparison...)
>
> Anders
>
>
>
>
> James Sutherland
> <jas88 at cam.ac.uk> To: Richard Sharpe
<sharpe at ns.aus.com>
> Sent by: cc:
samba-technical at samba.org
> samba-technical-admin Subject: Re:
Extracting accounts and passwords from Novel
> @samba.org Netware
>
>
> 30.07.2000 18:34
>
>
>
>
>
> On Mon, 31 Jul 2000, Richard Sharpe wrote:
>
> > Hi,
> >
> > Is there a simple tool for extracting the list of accounts from a
Netware
> > server?
> >
> > Also, are plaintext password recoverable from a Netware server of any
> > vintage, or are they all hashed with such a strong hash it is not
> possible
> > to recover them?
>
> Up to about 3.x the encryption was optional, IIRC? 4.x and later (NDS)
> hash them a la Unix - you can get the encrypted version, but decryption
is
> a matter of brute force, and takes serious time.
>
> A nice simple package for Netware, NT and Unix (PAM) to redirect all auth
> to a single tree, containing passwords in all the formats needed (and
kept
> in sync) might be nice... Some of this is already done, but not all.
IIRC,
> we'll need to have passwords in NT format for SMB support, as well as
> crypt or MD5 for Unix. It's possible to keep two distinct databases in
> sync, but being able to point everything at a single database would be
> nice...
>
>
> James.
>
>
>
>
>
>
More information about the samba-technical
mailing list