[Samba] Encoding problem with the unicodePwd stored into sam.ldb
Rowland Penny
rpenny at samba.org
Thu Mar 28 20:20:49 UTC 2019
On Thu, 28 Mar 2019 21:05:57 +0100
jean-yves boisiaud via samba <samba at lists.samba.org> wrote:
> hello,
>
> I use Samba 4.9.5 on Linux Debian 9.
>
> I want to extract users' passwords. A lot of passwords are ok, some
> are not.
>
> Example with a password returning an error :
> # ldbsearch -H /var/lib/samba/private/sam.ldb '(primaryGroupID=513)'
> userPrincipalName unicodePwd
> ....
> # record 494
> dn: CN=XXX,CN=Users,DC=YYY,DC=ZZZ,DC=fr
> unicodePwd:: wXQvJaSkn0gvg1POsY9Icw==
> uidNumber: 5110
> userPrincipalName: XXX
> ...
> ok. Then, I convert the password from utf-16 to hex :
> $ echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0 | hexdump -e '/1
> "%02X"' C1742F25A4*
> 9F482F8353CEB18F4873
>
> why there is a * and a new line ? base64 (and hexdump) are silent
> about that.
>
> If I run hd instead of hexdump :
> 00000000 c1 74 2f 25 a4 a4 9f 48 2f 83 53 ce b1 8f 48 73
> |.t/%...H/.S...Hs|
>
> the problem is with the second 0xa4 character.
>
> Is the format of the password stored in smb.ldb correct ? If not how
> could I correct it ?
>
> thank you for your help.
>
You might want to type this into a terminal on a Samba AD DC:
samba-tool user getpassword --help
Rowland
More information about the samba
mailing list