[Samba] Format of LSA Secret for Interdomain Trust Password

David Boynton David.Boynton at asu.edu
Mon Jul 15 10:17:20 GMT 2002

Andrew Bartlett wrote:

> Are you sure it's an obfuscated hash?  Are you sure it's not just the
> hash?

No, actually I'm not.  All I can say with reasonable certainty is that it's
not a LANMAN hash as I ran John the Ripper on it for over 3 days (1 GHz
machine).  What leads me to believe that it's not just a straight NTLM hash
is that various MS TechNet articles refer to the trust password secret
having two fields (possibly three): Current Password, Old Password, and
possibly last change time.  Although it is suspicious that it's always
exactly 16 bytes.

> I would connect with some of the Samba-TNG tools and try and get back
> the hash.  However, that's only half the story ;-).  Samba doesn't
> support trusted domains anyway - and neither really does Samba-TNG -
> both at the very least require that you hand-create the accounts in
> /etc/passwd for the trusted domain.

Actually I got this to work for a few tests under the latest CVS build and
using WinBind to replicate the accounts from the trusted domain locally.
The hardest part was figuring out the settings for "auth method" as they
haven't been documented yet.  Fortunately with open source software that's
not a huge problem. :)

I guess I am going to have to take a harder look at TNG's source.  Strangely
enough, the last version I pulled off CVS wouldn't make.


