[Samba] insert password hash
Marcos Ariel Negrini
mnegrini at afip.gob.ar
Wed Nov 30 13:47:26 UTC 2022
Hello:
I have implemented a Samba4 AD, and for process issues I need the user
password changes to be done from an external system. Currently the
password changes are made from that system by connecting to the LDAPS
port, but our idea is that the operations are centralized in a REST API,
and we are trying to make a method that receives the hash from the
external system and applies it in Samba4 (for audit issues we do not want
to receive the flat password with any reversible method that involves
the administration in some instance of our part of the flat password).
I have been testing to generate the hash and insert it through
"ldbmodify" with bash:
user=123456789
user_pass="password"
UNICODEPWD=$(echo -n "\"$user_pass\"" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0)
ldbmodify -H /.../sam.ldb --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 << EOF
dn: CN=$user,OU=user,DC=company,DC=com
changetype: modify
delete: unicodePwd
-
add: unicodePwd
unicodePwd:: $UNICODEPWD
EOF
My question is if the script is correct, because even if I apply the new
password, when I want to test with kinit it doesn't give ok.
I was reading a thread on the list but I was not clear if the method is
correct or just suggestions to try.
I was also trying to identify in the samba-tool source code how it
performs the password change (setpassword) but I did not find the code
it uses.
Regards
Marcos Negrini
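
An added example, not part of the original message: a check of what the script above actually places in unicodePwd. The value is the quoted password in UTF-16LE, which decodes straight back to the clear text, whereas an NT hash is a fixed 16-byte MD4 digest of the UTF-16LE password. The function names and sample values are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample values constructed.

# Encode a password the way the script in the post does:
# wrap in double quotes, convert to UTF-16LE, base64.
encode_quoted() {
    printf '"%s"' "$1" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0
}

# Decode a base64 value to a continuous lowercase hex string.
b64_to_hex() {
    printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

# Classify a base64 unicodePwd value by its decoded bytes.
# 22 00 is '"' in UTF-16LE, so a quoted string starts and ends with it.
# The quote test comes first: a quoted six-character password is also
# exactly 16 bytes, so length alone cannot tell it from a digest.
classify_unicodepwd() (
    hex=$(b64_to_hex "$1")
    case "$hex" in
        2200*2200) echo "quoted-plaintext" ;;
        *)  if [ $(( ${#hex} / 2 )) -eq 16 ]; then
                echo "16-byte-digest"
            else
                echo "unknown"
            fi ;;
    esac
)

# Recover the clear text from a quoted UTF-16LE value.
recover_plaintext() {
    printf '%s' "$1" | base64 -d | iconv -f UTF-16LE -t UTF-8 |
        sed 's/^"//; s/"$//'
}

# Constructed sample: the value the posted script builds for "password".
SAMPLE_QUOTED=$(encode_quoted "password")
# Constructed sample: bytes 00..0f standing in for a 16-byte digest.
SAMPLE_DIGEST=$(printf '\000\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017' | base64 -w 0)

echo "script value: $(classify_unicodepwd "$SAMPLE_QUOTED")," \
     "recovers '$(recover_plaintext "$SAMPLE_QUOTED")'"
echo "digest value: $(classify_unicodepwd "$SAMPLE_DIGEST")"
```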