[Samba] retrieve machine password in current Samba?

Andrew Bartlett abartlet at samba.org
Thu Sep 7 23:41:01 UTC 2017

On Thu, 2017-09-07 at 22:02 +0000, James Zuelow via samba wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Saturday, August 26, 2017 12:38 PM
> > To: James Zuelow; samba at lists.samba.org
> > Subject: Re: [Samba] retrieve machine password in current Samba?
> -- >8 -- snip -- 8< --
> > 
> > The recent secrets changes to store the krb5 hashes changed some
> > things to
> > use a IDL defined NDR packed structure.  I've not checked the
> > details, but that
> > might be what you are seeing.
> > 
> > This is a very valid use case, we clearly do need a net sub-command 
> > to just
> > print it.
> > 
> > Andrew Bartlett
> Andrew,
> Would there be a way for me to translate that back somehow?  I'm
> thinking that even if a new net command came out, I would be waiting
> for Debian to release Buster before I saw it show up on my stable
> machines.

I've looked into this, and I don't think we have changed the format, it
is just that we stopped keeping to ascii and small lengths for the
passwords.  That flood of binary stuff is really the password!

So, the tdbdump output is still correct, but do you have to un-escape

Otherwise, the attached script will print it on stdout, if you like it
and it works for you I can drop it in source4/scripting/bin for

Sorry for the confusion!

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   

More information about the samba mailing list