[Samba] Obtaining password hash from kerberos ?
Rowland Penny
rowlandpenny241155 at gmail.com
Sat Sep 26 13:09:01 UTC 2015
On 26/09/15 12:01, Guy-Laurent Subri wrote:
> Hi!
>
>> How is samba set up ?
> Samba was set up automatically. It was already installed on a linux
> distro called Zentyal. It's a Samba 4 AD DC install.
>> What versions of Samba?
> The output of 'samba -V' is : Version 4.1.17-Zentyal.
>> When you say 'LDAP' do you mean 'LDAP' or the 'LDAP' built into a
>> Samba4 DC?
> I want to merge two built-in LDAP of Samba4 into another LDAP which will
> not be a built-in LDAP, but one I set up on my own.
The LDAP built into an AD DC is not the same as OPENLDAP and as such you
cannot directly use info from one with the other i.e. whilst either will
produce an ldif dump, you cannot use that ldif with the other.
>> When you say 'kerberos' do you mean a standalone kerberos or the
>> kerberos built into a Samba4 DC?
> I mean the built-in kerberos
You cannot obtain a clear version of any passwords stored in AD, you can
only obtain the hashed password and then only on the Samba4 AD DC. You
also cannot get any passwords from kerberos, it doesn't actually use them!
>
> I thought that I found a solution: using kdb5-util I could have copied
> the kerberos database and merge it in another, but it is not installed
> and if I try to install it, it will remove parts of Zentyal, which I
> need.
>
Have a look here:
https://wiki.samba.org/index.php/Authenticating_Apache_against_Active_Directory
This may help you with what you are trying to do
Rowland
> Thank you for your time,
>
> P.S. is my problem clear or should I try to explain it in another way ?
P.S. Yes it is clear, it is clear you don't really know what you are
doing, I would suggest that you do a lot more reading, the Samba wiki is
a good place to start. :-)
>
> Guy-Laurent Subri
More information about the samba
mailing list