[Samba] user password hash
mj
lists at merit.unu.edu
Thu Oct 10 11:55:18 UTC 2019
Hi Rowland, all,
On 10/9/19 9:11 AM, Rowland penny via samba wrote:
> You could run something like this on a Samba AD DC:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'dc=samdom,dc=example,dc=com' -s sub
> '(&(objectclass=user)(samaccountname=rowland))' unicodePwd
>
> This will get you a users password, you just need to run it through the
> reverse of what I posted earlier to see the actual users password.
Out of curiosity I tried that, and wrote the following little bash script:
> PASSWORD="zKY\.Jp4jdiJ\_"
> UNICODEPW_GENERATED="$(echo -n "$PASSWORD" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0)"
> PASSWORD_DECODED_FROM_UNICODEPW="$(echo -n $UNICODEPW_GENERATED | base64 -d -w 0 | iconv -t UTF-8 -f UTF-16LE)"
>
> echo "Password: $PASSWORD"
> echo "Generated unicodePwd: $UNICODEPW_GENERATED"
> echo "Decoded password: $PASSWORD_DECODED_FROM_UNICODEPW"
This gives normal looking output:
> Password: zKY\.Jp4jdiJ\_
> Generated unicodePwd: egBLAFkAXAAuAEoAcAA0AGoAZABpAEoAXABfAA==
> Decoded password: zKY\.Jp4jdiJ\_
HOWEVER: the AD unicodePwd field for this testuser with that password
(set with samba-tool) is something different:
> ~# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'dc=testsamba,dc=company,dc=com' -s sub '(&(objectclass=user)(samaccountname=test))' unicodePwd
> # record 1
> dn: CN=ted t. test,CN=Users,DC=testsamba,DC=company,DC=com
> unicodePwd:: eD1jkPHBRopHzc00qaK6fw==
so the actual unicodePwd field in AD is not what the script generated.
I tried various users, and confirmed that the AD unicodePwd actually
works by logging in as my test users.
So... I am wondering what is wrong in my testing/logic..?
Thanks for the interesting discussion!
MJ
More information about the samba
mailing list