[Samba] retrieve machine password in current Samba?
Andrew Bartlett
abartlet at samba.org
Thu Sep 7 23:41:01 UTC 2017
On Thu, 2017-09-07 at 22:02 +0000, James Zuelow via samba wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Saturday, August 26, 2017 12:38 PM
> > To: James Zuelow; samba at lists.samba.org
> > Subject: Re: [Samba] retrieve machine password in current Samba?
>
> -- >8 -- snip -- 8< --
> >
> > The recent secrets changes to store the krb5 hashes changed some
> > things to
> > use a IDL defined NDR packed structure. I've not checked the
> > details, but that
> > might be what you are seeing.
> >
> > This is a very valid use case, we clearly do need a net sub-command
> > to just
> > print it.
> >
> > Andrew Bartlett
>
> Andrew,
>
> Would there be a way for me to translate that back somehow? I'm
> thinking that even if a new net command came out, I would be waiting
> for Debian to release Buster before I saw it show up on my stable
> machines.
I've looked into this, and I don't think we have changed the format, it
is just that we stopped keeping to ascii and small lengths for the
passwords. That flood of binary stuff is really the password!
So, the tdbdump output is still correct, but do you have to un-escape
it.
Otherwise, the attached script will print it on stdout, if you like it
and it works for you I can drop it in source4/scripting/bin for
posterity.
Sorry for the confusion!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list