[PATCH] dump and restore domain trust info
Philipp Gesang
philipp.gesang at intra2net.com
Thu Jan 10 15:53:56 UTC 2019
-<| Quoting Stefan Metzmacher via samba-technical <metze at samba.org>, on Thursday, 2019-01-10 04:32:51 PM |>-
> Hi Philipp,
>
> >>> While integrating Samba with our backup system, I’ve been adding functionality
> >>> for dumping and undumping the domain member information in a hopefully portable
> >>> way. I think I have now reached a point where I’d like to elicit external
> >>> feedback so I would like you have a look at the attached patchset. Eventually
> >>> we would like for this functionality to be merged.
> >>>
> >>> After some experiments I settled on extending “net primarytrust dumpinfo” with
> >>> json output and adding a companion “net primarytrust readinfo” for replaying a
> >>> dump obtained this way.
> >>
> >> What about using "net primarytrust export" and
> >> "net primarytrust import"? They would always use json and include passwords.
> >
> > “primarytrust dumpinfo” already exists. Should this be renamed to
> > “… export” or do you propose decoupling the json based import/export
> > from the existing dumpinfo altogether?
>
> Yes, it's something different. dumpinfo dumps all details, which are stored.
>
> export and import would only handle the cleartext password, but not
> the pre-calculated hashes.
>
> >> And the import should only work if there's nothing stored yet.
> >
> > Is there a way to erase what’s stored?
>
> net ads leave.
I mean locally. “net ads leave” performs a logon against the DC.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190110/337f3ea8/signature.sig>
More information about the samba-technical
mailing list