PATCHES: Password sync as active directory domain controller
Andrew Bartlett
abartlet at samba.org
Wed Jul 20 05:01:07 UTC 2016
On Wed, 2016-07-20 at 07:49 +1200, Andrew Bartlett wrote:
> On Tue, 2016-07-19 at 13:26 +0200, Stefan Metzmacher wrote:
>
> > Added, my master4-gpgme branch does not conflict with master4-
> > smart-*
> > any more.
> > I think it's ready to push.
>
> It is great to see ndr validation for 'strange'
> supplementalCredentials blobs.
>
> Can we please add some not-strange blobs while we are at
> it? Specifically from Windows and Samba with a GPGme password?
> I'll grab some from whatever archives I can find today, specifically
> the saved old Samba provisions.
http://git.catalyst.net.nz/gitweb?p=samba.git;a=shortlog;h=refs/heads/m
etze-master4-gpgme
Here you can see I've done this part. I hope you will see from this
work that I'm really keen to continue to work with you to get this in.
> That is the only blocker I see from my side.
The next blocker is that it seems we generate a different blob to
windows with our password_hash code. In particular, you will see in
those commits that the order of the Packages is different between Samba
and Windows 2012R2.
I'm out of time for today, but we need a test added in (say) the
samba.tests.samba_tool.user.UserCmdTestCase.set_password test that
extracts the supplementalCredentials from the database directly, and
then asserts on the order and any other useful details, so we lock down
the structure we produce.
I'll look into that tomorrow if you don't manage to knock it up in the
meantime. Perhaps you can look first at why the order is different?
Sorry,
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list