PATCHES: Password sync as active directory domain controller
metze at samba.org
Wed Jul 20 08:50:10 UTC 2016
Am 20.07.2016 um 07:01 schrieb Andrew Bartlett:
> On Wed, 2016-07-20 at 07:49 +1200, Andrew Bartlett wrote:
>> On Tue, 2016-07-19 at 13:26 +0200, Stefan Metzmacher wrote:
>>> Added, my master4-gpgme branch does not conflict with master4-
>>> any more.
>>> I think it's ready to push.
>> It is great to see ndr validation for 'strange'
>> supplementalCredentials blobs.
>> Can we please add some not-strange blobs while we are at
>> it? Specifically from Windows and Samba with a GPGme password?
>> I'll grab some from whatever archives I can find today, specifically
>> the saved old Samba provisions.
> Here you can see I've done this part. I hope you will see from this
> work that I'm really keen to continue to work with you to get this in.
I've included this into my branches.
>> That is the only blocker I see from my side.
> The next blocker is that it seems we generate a different blob to
> windows with our password_hash code. In particular, you will see in
> those commits that the order of the Packages is different between Samba
> and Windows 2012R2.
> I'm out of time for today, but we need a test added in (say) the
> samba.tests.samba_tool.user.UserCmdTestCase.set_password test that
> extracts the supplementalCredentials from the database directly, and
> then asserts on the order and any other useful details, so we lock down
> the structure we produce.
I've added such a check.
> I'll look into that tomorrow if you don't manage to knock it up in the
> meantime. Perhaps you can look first at why the order is different?
There's no difference.
* The ordering is this
* Primary:Kerberos-Newer-Keys (optional)
* Primary:CLEARTEXT (optional)
* Primary:SambaGPG (optional)
* And the 'Packages' package is inserted before the last
* other package.
I hope the master4-gpgme branch which is now based on master4-smart-base
is ready to go.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical