[Samba] retrieve machine password in current Samba?
Andrew Bartlett
abartlet at samba.org
Fri Sep 8 02:56:48 UTC 2017
On Fri, 2017-09-08 at 01:43 +0000, James Zuelow via samba wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Thursday, September 7, 2017 3:41 PM
> > To: James Zuelow; samba at lists.samba.org
> > Subject: Re: [Samba] retrieve machine password in current Samba?
>
> -- >8 -- snip -- 8< --
>
> > I've looked into this, and I don't think we have changed the
> > format, it is just that
> > we stopped keeping to ascii and small lengths for the
> > passwords. That flood of
> > binary stuff is really the password!
> >
> > So, the tdbdump output is still correct, but do you have to un-
> > escape it.
> >
> > Otherwise, the attached script will print it on stdout, if you like
> > it and it works
> > for you I can drop it in source4/scripting/bin for posterity.
> >
> > Sorry for the confusion!
> >
> > Andrew Bartlett
>
> The confusion was on my part - when I tried to look at the string
> after unescaping it I was getting a jumble of Unicode characters and
> not the ascii string I was used to. I spent a lot of effort trying
> to get that back into the form that I saw in the past, not realizing
> I didn't have to.
:-)
> But using your script and plugging that into wicd's wireless password
> works very well.
>
> Essentially it boils down to:
>
> Editing wicd's wireless-settings.conf:
>
> identity = host/HOSTNAME.local.domain
> beforescript = /usr/local/sbin/machine-passwd.sh
>
> And then machine-passwd.sh is similar to:
>
> password=`/usr/local/sbin/machineaccountpw`
> wicd-cli -y -n (network-id) --network-property password -s
> "${password}"
>
> (I have a little logic in there to grab the network ID since it
> changes from time to time.)
>
> Then when wicd connects, it presents the username of the machine
> account and the current machine password, whatever that may be. I
> could probably work with your script to insert the password into
> wireless-settings.conf directly, but I’m too lazy to do that now that
> this is working.
While I don't like it being on the command line, avoiding putting it in
a config file is also a good idea, as Samba will change the password
every week.
> Thank you very much!
I'm glad to have helped!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list