Question about torture/rpc/netlogon.c

Andrew Bartlett abartlet at
Thu Aug 28 00:55:32 GMT 2008

On Wed, 2008-08-27 at 08:48 +0200, Alan DeKok wrote:
> Andrew Bartlett wrote:
> > Like the 'net samdump' command alredy does (where NT4 replication is
> > still available) and 'net vampire' does (replicating the whole DB, from
> > which you can dump out the passwords with not more than an ldbsearch)?
>   Hmm... The samdump program gives the Kerberos keytab file.  I can't
> find much documentation saying what's in it, but the source code leads
> me to believe that it's the NT hash of the passwords.  Is that true?
>   I'm really looking for the simplest program that will take a domain
> and user, and grab just the NT hash for that user.  If one doesn't
> exist, but can be based on existing code, just point me there.  I'll go
> write it and submit the patches back.

While it is overkill to get just one hash, the most reliable way would
be to extend the 'net vampire' code to dump to a alternate DB, and then
fetch out exactly the hash you want.  That way, you don't risk getting a
previous value (the DRS sync can contain that occasionally, I'm told). 

This process could also output a text dump like 'net samdump', and the
keytab format like 'net samdump keytab' (which are not currently
available to DCs without NT4 replication still enabled).

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list