[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM
Leonardo Bruno Lopes
leonardo at cefetmg.br
Wed Apr 12 20:31:51 UTC 2017
Dean Andrew and List,
I posted here
>>https://lists.samba.org/archive/samba/2017-April/207671.html<< that
my problem was solved, but I have the following question:
What is the possible security issues that may come from removing the
'supplementalCredentials' attribute?
Thanks,
Leonardo
Citando Andrew Bartlett <abartlet at samba.org>:
> On Sun, 2017-04-09 at 14:47 +0000, Leonardo Bruno Lopes via samba
> wrote:
>>
>> Dear Andrew,
>>
>> I confirmed that 'supplementalCredentials' has different values
>> depending on whether I use 'samba-tool' or 'ldbmodify' to set the
>> password. That seems to confirm your initial guess.
>>
>> > The code in pdb_samba_dsdb that owns the OID you use always removes
>> > this attribute when setting that OID, so you need to as well.
>>
>> Is there any chance that this could mean I only need to wipe
>> 'supplementalCredentials' attribute -- I saw that it is possible --
>> after set the password with 'ldbmodify'? Unfortunately I can't get
>> this tested until tomorrow.
>
> Yes, that is my suggestion.
>
>> By the way, congratulations guys, you have been doing such an
>> awesome
>> job with Samba and all this AD stuff, both coding and supporting.
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
> --
> Esta mensagem foi verificada pelo sistema de antivírus e
> acredita-se estar livre de perigo.
--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.
More information about the samba
mailing list