[Samba] Encoding problem with the unicodePwd stored into sam.ldb

Wed Apr 3 11:48:07 UTC 2019

hello,

I found the problem. Nothing to do with Samba...

 echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0

is binary data containing newline (0x0d).

the simple way to resolve my problem is to use a perl or python script.

Example with python3 :

import base64
import binascii

binascii.b2a_hex(base64.b64decode("wXQvJaSkn0gvg1POsY9Icw=="))
b'c1742f25a4a49f482f8353ceb18f4873'

thanks for your help.

Le jeu. 28 mars 2019 à 21:21, Rowland Penny via samba <samba at lists.samba.org>
a écrit :

> On Thu, 28 Mar 2019 21:05:57 +0100
> jean-yves boisiaud via samba <samba at lists.samba.org> wrote:
>
> > hello,
> >
> > I use Samba 4.9.5 on Linux Debian 9.
> >
> > I want to extract users' passwords. A lot of passwords are ok, some
> > are not.
> >
> > Example with a password returning an error :
> > # ldbsearch -H /var/lib/samba/private/sam.ldb '(primaryGroupID=513)'
> > userPrincipalName unicodePwd
> > ....
> > # record 494
> > dn: CN=XXX,CN=Users,DC=YYY,DC=ZZZ,DC=fr
> > unicodePwd:: wXQvJaSkn0gvg1POsY9Icw==
> > uidNumber: 5110
> > userPrincipalName: XXX
> > ...
> > ok. Then, I convert the password from utf-16 to hex :
> > $ echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0 | hexdump -e '/1
> > "%02X"' C1742F25A4*
> > 9F482F8353CEB18F4873
> >
> > why there is a * and a new line ? base64 (and hexdump) are silent
> > about that.
> >
> > If I run hd instead of hexdump :
> > 00000000  c1 74 2f 25 a4 a4 9f 48  2f 83 53 ce b1 8f 48 73
> > |.t/%...H/.S...Hs|
> >
> > the problem is with the second 0xa4 character.
> >
> > Is the format of the password stored in smb.ldb correct ? If not how
> > could I correct it ?
> >
> > thank you for your help.
> >
>
> You might want to type this into a terminal on a Samba AD DC:
>
> samba-tool user getpassword --help
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

-- 
Jean-Yves Boisiaud - Alcor Consulting
49, rue du Chemin Vert
49300 Cholet
mobile : +33 6 63 71 73 46