[Samba] Samba 4 LDAP NTLM password nightly injection

Bo Kersey bo at vircio.com
Tue Aug 13 13:48:06 MDT 2013 

Duh...  got it, nvm...


new_userdata = s4_passdb.getsampwnam("jtest")
print binascii.hexlify(new_userdata.nt_passwd)

And my troubleshooting was required by a typo that I made..  argh!


----- Original Message -----
> From: "Bo Kersey" <bo at vircio.com>
> To: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> Cc: samba at lists.samba.org, "Andrew Bartlett" <abartlet at samba.org>
> Sent: Tuesday, August 13, 2013 11:03:40 AM
> Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
> 
> Luc,
> Very helpful...  I'm doing a migration from a very non-standard samba
> ldap implementation that we can't just migrate.  We would like to
> save the users' passwords though.
> 
> I'm testing using known password hashes and I'm having trouble
> authenticating after I change the passwords.
> 
> How can I extract what is being inserted in to samba4 in order to
> verify that I'm doing things correctly?
> 
> 
> Thanks!
> Bo
> 
> 
> ----- Original Message -----
> > From: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> > To: samba at lists.samba.org
> > Cc: "Andrew Bartlett" <abartlet at samba.org>
> > Sent: Tuesday, April 9, 2013 11:25:47 AM
> > Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
> > 
> > Ok this works:
> > 
> > ####################################################################
> > #!/usr/bin/env python
> > 
> > import sys
> > 
> > sys.path.insert(0,
> > "/usr/local/samba/lib64/python2.6/site-packages")
> > sys.path.insert(1, "/usr/local/samba/lib/python2.6/site-packages")
> > 
> > from samba import Ldb, registry
> > from samba.param import LoadParm
> > from samba.provision import provision, FILL_FULL,
> > ProvisioningError,
> > setsysvolacl
> > from samba.samba3 import passdb
> > from samba.samba3 import param as s3param
> > from samba.dcerpc import lsa, samr, security
> > from samba.dcerpc.security import dom_sid
> > from samba.credentials import Credentials
> > from samba import dsdb
> > from samba.ndr import ndr_pack
> > from samba import unix2nttime
> > 
> > # Convert Hex to Byte string
> > def HexToByte( hexStr ):
> >     bytes = []
> >     hexStr = ''.join( hexStr.split(" ") )
> >     for i in range(0, len(hexStr), 2):
> >         bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )
> >     return ''.join( bytes )
> > 
> > # Connect to samba4 backend
> > new_lp_ctx = s3param.get_context()
> > new_lp_ctx.load("/usr/local/samba/etc/smb.conf")
> > new_lp_ctx.set("private dir", "/usr/local/samba/private")
> > 
> > s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
> > 
> > # Change testuser password
> > new_userdata = s4_passdb.getsampwnam("testuser")
> > new_userdata.nt_passwd =
> > HexToByte("878D8014606CDA29677A44EFA1353FC7")
> > new_userdata.lanman_passwd =
> > HexToByte("552902031BEDE9EFAAD3B435B51404EE")
> > s4_passdb.update_sam_account(new_userdata)
> > ####################################################################
> > 
> > I was missing some module paths and the extra info for connecting
> > to
> > the LDB database...  Now I just have to generalize this procedure
> > so
> > that I can update the passwords every night like I do with
> > Samba3-LDAP.
> > 
> > Andrew, thanks for the pointers.  I'm posting this in case it can
> > help someone else.
> > 
> > ----- Original Message -----
> > From: "Luc Lalonde" <luc.lalonde at polymtl.ca>
> > To: "Andrew Bartlett" <abartlet at samba.org>
> > Cc: samba at lists.samba.org
> > Sent: Wednesday, March 27, 2013 7:38:05 PM GMT -05:00 US/Canada
> > Eastern
> > Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
> > 
> > Hello Andrew,
> > 
> > How would I convert the below base16 strings into raw bytes
> > acceptable to this routine?  We presently inject the NTLM passwords
> > directly into our LDAP database for Samba3.
> > 
> > Also, I can't seem to figure out the argument values for
> > 'passdb.PDB'.  I tried 'ldb', 'samba_dsdb'.
> > 
> > Thanks for your help!
> > 
> > On 2013-03-27, at 6:18 PM, Andrew Bartlett <abartlet at samba.org>
> > wrote:
> > 
> > > On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote:
> > >> Hello Andrew,
> > >> 
> > >> I'm finally diving into this project...
> > >> 
> > >> First off, my sysadmin stuff is mostly in Perl.  So my Python is
> > >> rudimentary at best.
> > >> 
> > >> Here we go anyway...  I've looked at the 'upgrade.py' but I
> > >> can't
> > >> seem to figure out how to connect to the Samba4 passwd database.
> > >> 
> > >> In the script I see these lines:
> > >> 
> > >> #######################################################
> > >> # Connect to samba4 backend
> > >> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
> > >> ########################################################
> > >> 
> > >> I would appreciate a hint on how to connect to the database
> > >> please.  Where is the 'passdb' object referenced from?
> > >> 
> > >> Once that's done, from what I understand, I should be able to
> > >> change the passwords directly:
> > >> 
> > >> #######################################################
> > >> # Change foo-user password
> > >> admin_userdata = s4_passdb.getsampwnam("foo-user")
> > >> admin_userdata.nt_passwd = "878D8014606CDA29677A44EFA1353FC7"
> > >> admin_userdata.lanman_passwd =
> > >> "552902031BEDE9EFAAD3B435B51404EE"
> > >> s4_passdb.update_sam_account(admin_userdata)
> > >> #######################################################
> > > 
> > > Sort of.  Those values are not base16 strings, but raw bytes, but
> > > otherwise that looks pretty much right at a first glance.
> > > 
> > > Andrew Bartlett
> > > 
> > > --
> > > Andrew Bartlett
> > >                                http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team           http://samba.org
> > > 
> > > 
> > 
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > --
> > Luc Lalonde, analyste
> > ---------------------------------------------------------------------
> > Département de génie informatique:
> > École polytechnique de Montréal
> > (514) 340-4711 x5049
> > Luc.Lalonde at polymtl.ca
> > ---------------------------------------------------------------------
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> --
> Bo Kersey
> VirCIO - managed network solutions
> 4314 Avenue C
> Austin, TX 78751
> phone: (512)374-0500
> 
> If it is free, you are the product.
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
Bo Kersey
VirCIO - managed network solutions
4314 Avenue C
Austin, TX 78751
phone: (512)374-0500

If it is free, you are the product.

More information about the samba mailing list