[Samba] Google Cloud Directory Service password synchronization for AD DC

Lapin Blanc fabien.toune at lapin-blanc.com
Sun Mar 25 19:19:30 UTC 2018


Hello again, and thank you so much for those valuable information, I'm
progressing well. Google accepts crypt hashes, and I've managed with
Garming's advice to get hashes when passwords get updated.
I've only one small question at this point, the hash seems to be printed
spanned on two lines, with a line break and a few spaces in the middle of
the hash... Is this normal ?
eg :
INFO : dn: CN=pierre,CN=Users,DC=educonsult,DC=intra
INFO : objectGUID: 9838c793-67f3-4e68-b362-f939e517313e
INFO : objectSid: S-1-5-21-1504766521-268068577-265870750-1104
INFO : sAMAccountName: pierre
INFO : userAccountControl: 512
INFO : pwdLastSet: 131664785101680280
INFO : msDS-KeyVersionNumber: 4
INFO : virtualCryptSHA512:
{CRYPT}$6$3WZAFpbFo5J6n2rS$tmDWcZEkgO5e89c5yBnyEYWamNi40CI
INFO :  32FermFcq3VweLGmR2qfsdjxbs0RiYJ6jrvWzlpIMDJMI1fSg8923t0
INFO :
Thank's !

2018-03-23 0:31 GMT+01:00 Andrew Bartlett <abartlet at samba.org>:

> On Thu, 2018-03-22 at 23:48 +0100, Lapin Blanc via samba wrote:
> > Hello, and thank you for the answer. I'm quite new to Samba, and when you
> > speak about  Samba storing a crypt() password hash and about the
> > virtualCryptSHA256 attribute I get the general meaning, but not the way
> to
> > get to those informations.
> > Would you have any pointer on where I could learn more about that ? I
> found
> > discussions about some patches from Stefan Metzmacher in the mailing
> lists,
> > is this what you mean ?
> > Google only accepts plain text, Base64, MD5 or SHA1, I don't know if I'll
> > found a consensus
> > Btw, I'll keep trying and keep you informed...
>
> See this for crypt() support:
> https://developers.google.com/admin-sdk/directory/v1/reference/users/up
> date#hashFunction
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team         https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>


More information about the samba mailing list