PATCHES: Password sync as active directory domain controller

Andrew Bartlett abartlet at
Wed Jul 20 05:01:07 UTC 2016

On Wed, 2016-07-20 at 07:49 +1200, Andrew Bartlett wrote:
> On Tue, 2016-07-19 at 13:26 +0200, Stefan Metzmacher wrote:
> > Added, my master4-gpgme branch does not conflict with master4-
> > smart-*
> > any more.
> > I think it's ready to push.
> It is great to see ndr validation for 'strange'
> supplementalCredentials blobs.  
> Can we please add some not-strange blobs while we are at
> it?  Specifically from Windows and Samba with a GPGme password?

> I'll grab some from whatever archives I can find today, specifically
> the saved old Samba provisions.;a=shortlog;h=refs/heads/m

Here you can see I've done this part.  I hope you will see from this
work that I'm really keen to continue to work with you to get this in.

> That is the only blocker I see from my side.

The next blocker is that it seems we generate a different blob to
windows with our password_hash code.  In particular, you will see in
those commits that the order of the Packages is different between Samba
and Windows 2012R2.

I'm out of time for today, but we need a test added in (say) the
samba.tests.samba_tool.user.UserCmdTestCase.set_password test that
extracts the supplementalCredentials from the database directly, and
then asserts on the order and any other useful details, so we lock down
the structure we produce. 

I'll look into that tomorrow if you don't manage to knock it up in the
meantime.  Perhaps you can look first at why the order is different?


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team
Samba Development and Support, Catalyst IT

More information about the samba-technical mailing list