[Samba] Samba 4 LDAP NTLM password nightly injection
Bo Kersey
bo at vircio.com
Tue Aug 13 10:03:40 MDT 2013
Luc,
Very helpful... I'm doing a migration from a very non-standard samba ldap implementation that we can't just migrate. We would like to save the users' passwords though.
I'm testing using known password hashes and I'm having trouble authenticating after I change the passwords.
How can I extract what is being inserted into samba4 in order to verify that I'm doing things correctly?
Thanks!
Bo
----- Original Message -----
> From: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> To: samba at lists.samba.org
> Cc: "Andrew Bartlett" <abartlet at samba.org>
> Sent: Tuesday, April 9, 2013 11:25:47 AM
> Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
>
> Ok this works:
>
> ####################################################################
> #!/usr/bin/env python
>
> import sys
>
> sys.path.insert(0, "/usr/local/samba/lib64/python2.6/site-packages")
> sys.path.insert(1, "/usr/local/samba/lib/python2.6/site-packages")
>
> from samba import Ldb, registry
> from samba.param import LoadParm
> from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl
> from samba.samba3 import passdb
> from samba.samba3 import param as s3param
> from samba.dcerpc import lsa, samr, security
> from samba.dcerpc.security import dom_sid
> from samba.credentials import Credentials
> from samba import dsdb
> from samba.ndr import ndr_pack
> from samba import unix2nttime
>
> # Convert Hex to Byte string
> def HexToByte( hexStr ):
>     bytes = []
>     hexStr = ''.join( hexStr.split(" ") )
>     for i in range(0, len(hexStr), 2):
>         bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )
>     return ''.join( bytes )
>
> # Connect to samba4 backend
> new_lp_ctx = s3param.get_context()
> new_lp_ctx.load("/usr/local/samba/etc/smb.conf")
> new_lp_ctx.set("private dir", "/usr/local/samba/private")
>
> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
>
> # Change testuser password
> new_userdata = s4_passdb.getsampwnam("testuser")
> new_userdata.nt_passwd = HexToByte("878D8014606CDA29677A44EFA1353FC7")
> new_userdata.lanman_passwd = HexToByte("552902031BEDE9EFAAD3B435B51404EE")
> s4_passdb.update_sam_account(new_userdata)
> ####################################################################
>
> I was missing some module paths and the extra info for connecting to
> the LDB database... Now I just have to generalize this procedure so
> that I can update the passwords every night like I do with
> Samba3-LDAP.
>
> Andrew, thanks for the pointers. I'm posting this in case it can
> help someone else.
>
> ----- Original Message -----
> From: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> To: "Andrew Bartlett" <abartlet at samba.org>
> Cc: samba at lists.samba.org
> Sent: Wednesday, March 27, 2013 7:38:05 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
>
> Hello Andrew,
>
> How would I convert the below base16 strings into raw bytes
> acceptable to this routine? We presently inject the NTLM passwords
> directly into our LDAP database for Samba3.
>
> Also, I can't seem to figure out the argument values for
> 'passdb.PDB'. I tried 'ldb', 'samba_dsdb'.
>
> Thanks for your help!
>
> On 2013-03-27, at 6:18 PM, Andrew Bartlett <abartlet at samba.org>
> wrote:
>
> > On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote:
> >> Hello Andrew,
> >>
> >> I'm finally diving into this project...
> >>
> >> First off, my sysadmin stuff is mostly in Perl. So my Python is
> >> rudimentary at best.
> >>
> >> Here we go anyway... I've looked at the 'upgrade.py' but I can't
> >> seem to figure out how to connect to the Samba4 passwd database.
> >>
> >> In the script I see these lines:
> >>
> >> #######################################################
> >> # Connect to samba4 backend
> >> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
> >> ########################################################
> >>
> >> I would appreciate a hint on how to connect to the database
> >> please. Where is the 'passdb' object referenced from?
> >>
> >> Once that's done, from what I understand, I should be able to
> >> change the passwords directly:
> >>
> >> #######################################################
> >> # Change foo-user password
> >> admin_userdata = s4_passdb.getsampwnam("foo-user")
> >> admin_userdata.nt_passwd = "878D8014606CDA29677A44EFA1353FC7"
> >> admin_userdata.lanman_passwd = "552902031BEDE9EFAAD3B435B51404EE"
> >> s4_passdb.update_sam_account(admin_userdata)
> >> #######################################################
> >
> > Sort of. Those values are not base16 strings, but raw bytes, but
> > otherwise that looks pretty much right at a first glance.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett
> > http://samba.org/~abartlet/
> > Authentication Developer, Samba Team http://samba.org
> >
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> Luc Lalonde, analyste
> ---------------------------------------------------------------------
> Département de génie informatique:
> École polytechnique de Montréal
> (514) 340-4711 x5049
> Luc.Lalonde at polymtl.ca
> ---------------------------------------------------------------------
--
Bo Kersey
VirCIO - managed network solutions
4314 Avenue C
Austin, TX 78751
phone: (512)374-0500
If it is free, you are the product.