Andrew Bartlett
2015-Aug-26 19:32 UTC
[Samba] Proof of samba 4 ad storing passwords in a secure manner
On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote:> Thanks, that helped me a lot =) But it doesn't seem that sam.ldb > holds any password data. I found something similar in file (my domain > is NOVO.MTT) > > /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldbCorrect, the sam.ldb is a wrapper that loads modules which in turn loads the other files, which actually contain the domain data. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Rowland Penny
2015-Aug-26 19:55 UTC
[Samba] Proof of samba 4 ad storing passwords in a secure manner
On 26/08/15 20:32, Andrew Bartlett wrote:> On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote: >> Thanks, that helped me a lot =) But it doesn't seem that sam.ldb >> holds any password data. I found something similar in file (my domain >> is NOVO.MTT) >> >> /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldb > Correct, the sam.ldb is a wrapper that loads modules which in turn > loads the other files, which actually contain the domain data. > > Andrew BartlettHi Andrew, Can we now actually directly change things in the ldb files in sam.ldb.d ? You previously have said to never change these files directly. Rowland
Andrew Bartlett
2015-Aug-26 22:36 UTC
[Samba] Proof of samba 4 ad storing passwords in a secure manner
On Wed, 2015-08-26 at 20:55 +0100, Rowland Penny wrote:> On 26/08/15 20:32, Andrew Bartlett wrote: > > On Wed, 2015-08-26 at 13:15 +0300, Krutskikh Ivan wrote: > > > Thanks, that helped me a lot =) But it doesn't seem that sam.ldb > > > holds any password data. I found something similar in file (my > > > domain > > > is NOVO.MTT) > > > > > > /usr/local/samba/private/sam.ldb.d/DC=NOVO,DC=MTT.ldb > > Correct, the sam.ldb is a wrapper that loads modules which in turn > > loads the other files, which actually contain the domain data. > > > > Andrew Bartlett > > Hi Andrew, > Can we now actually directly change things in the ldb files in > sam.ldb.d ? > You previously have said to never change these files directly.No, you should not directly edit those files, as doing so bypasses the protections and assistance provided by the ldb module stack. Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba