Hello, I'm looking to use the new 'samba-tool user getpassword' or 'samba-tool user syncpasswords' for syncing to an OpenLDAP server. I've configured the 'password hash gpg key ids' in smb.conf. Everything appears to be working fine, except the plaintext passwords returned from samba-tool user getpassword --decrypt-samba-gpg are different. Do the returned values need to be decoded ? I'm using Samba 4.5.1 on CentOS 7 with gpgme-devel and pygpgme installed. The plaintext password for this is Hdg43hj5 samba-tool user getpassword username --attributes=virtualClearTextUTF16,virtualClearTextUTF8,virtualSambaGPG,unicodePwd --decrypt-samba-gpg dn: CN=username,CN=Users,DC=ad,DC=example,DC=com unicodePwd:: +kiiRa+tFYsnUIb+ABlZdQ=virtualClearTextUTF16:: SABkAGcANAAzAGgAagA1AA=virtualClearTextUTF8:: SGRnNDNoajUvirtualSambaGPG:: LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYy LjAuMjIgKEdOVS9MaW51eCkKCmhRRU1BN3hKTkYrUW02b21BUWY5R3lyMmViZmVHaDExeTlKSTZ4U UMyT3gvb3Z2dmRVVTFEYjNwc0I0a3djdlcKRkdhQzhFTDU3TWp2WFNvbW1qK3M3ZnVXdlo4NVRoZ1 J5T0ZTS3NmbmUvdzdKODU0Y3RzbnNTSTFvMDlJMi9qWApHUjN2SVdwVDZNcWhNNHFpY29aVXVLTjA yM0F0Rlp5SEFrMTRvNy9xK1RoRlVOZ2V1V2twUTVFWkNjR1FacjkxCk91NG9WTlhzY0RUcVNjbDJn ZE1HYzl6bWpsZklOWWJBYmVDVWJJNUczOVlyRkdmeExyVTJ2VlBqdkxLdThlREMKL0YrVHlVVTlTV ExLdmd1UWloeDFoVFZzOWEyUEQ1VVVyam5VWlBMUDJZRGlqSENlUzcrUkVaRWFwNjA0ZXRudgplb1 VoS3dhK29UamR0Vk03SkVGUFh6UzFKajk1bitoUU9vUW9vOGgvdk5KTEFYVkh6NG9pdEs1K0UvMDd JVW92Cm4zdlBpQ0RpL0Nld2RjV1gzN2NJandBQlVrR1BheENhOXRobkhDTERGdXhXQ1gzejg2K1BB aHUvTDRjZjBxeWcKcEw3OWx1Z0hjbnJlRkp4OAo9eHNFZwotLS0tLUVORCBQR1AgTUVTU0FHRS0tL S0tCg= Got password OK Thanks, Dale
Achim Gottinger
2016-Oct-26 18:38 UTC
[Samba] samba-tool user getpassword --decrypt-samba-gpg
Am 26.10.2016 um 19:52 schrieb Dale Renton via samba:> Hello, > > I'm looking to use the new 'samba-tool user getpassword' or 'samba-tool > user syncpasswords' for syncing to an OpenLDAP server. I've configured the > 'password hash gpg key ids' in smb.conf. Everything appears to be working > fine, except the plaintext passwords returned from samba-tool user > getpassword --decrypt-samba-gpg are different. Do the returned values need > to be decoded ? I'm using Samba 4.5.1 on CentOS 7 with gpgme-devel and > pygpgme installed. > > The plaintext password for this is Hdg43hj5 > > > > samba-tool user getpassword username > --attributes=virtualClearTextUTF16,virtualClearTextUTF8,virtualSambaGPG,unicodePwd > --decrypt-samba-gpg > > dn: CN=username,CN=Users,DC=ad,DC=example,DC=com > unicodePwd:: +kiiRa+tFYsnUIb+ABlZdQ=> virtualClearTextUTF16:: SABkAGcANAAzAGgAagA1AA=> virtualClearTextUTF8:: SGRnNDNoajU> virtualSambaGPG:: > LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYy > LjAuMjIgKEdOVS9MaW51eCkKCmhRRU1BN3hKTkYrUW02b21BUWY5R3lyMmViZmVHaDExeTlKSTZ4U > UMyT3gvb3Z2dmRVVTFEYjNwc0I0a3djdlcKRkdhQzhFTDU3TWp2WFNvbW1qK3M3ZnVXdlo4NVRoZ1 > J5T0ZTS3NmbmUvdzdKODU0Y3RzbnNTSTFvMDlJMi9qWApHUjN2SVdwVDZNcWhNNHFpY29aVXVLTjA > yM0F0Rlp5SEFrMTRvNy9xK1RoRlVOZ2V1V2twUTVFWkNjR1FacjkxCk91NG9WTlhzY0RUcVNjbDJn > ZE1HYzl6bWpsZklOWWJBYmVDVWJJNUczOVlyRkdmeExyVTJ2VlBqdkxLdThlREMKL0YrVHlVVTlTV > ExLdmd1UWloeDFoVFZzOWEyUEQ1VVVyam5VWlBMUDJZRGlqSENlUzcrUkVaRWFwNjA0ZXRudgplb1 > VoS3dhK29UamR0Vk03SkVGUFh6UzFKajk1bitoUU9vUW9vOGgvdk5KTEFYVkh6NG9pdEs1K0UvMDd > JVW92Cm4zdlBpQ0RpL0Nld2RjV1gzN2NJandBQlVrR1BheENhOXRobkhDTERGdXhXQ1gzejg2K1BB > aHUvTDRjZjBxeWcKcEw3OWx1Z0hjbnJlRkp4OAo9eHNFZwotLS0tLUVORCBQR1AgTUVTU0FHRS0tL > S0tCg=> > Got password OK > > > > > Thanks, > DaleThey are base64 encoded. #echo SGRnNDNoajU= | base64 -d Hdg43hj5
On 09:34:12 wrote Dale Renton via samba:> Hello, > > I'm looking to use the new 'samba-tool user getpassword' or > 'samba-tool user syncpasswords' for syncing to an OpenLDAP server. > I've configured the 'password hash gpg key ids' in smb.conf. > Everything appears to be working fine, except the plaintext > passwords returned from samba-tool user getpassword > --decrypt-samba-gpg are different. Do the returned values need to > be decoded ?yes, i.e. $ echo -n SGRnNDNoajU= |base64 -d ;echo Hdg43hj5 $> I'm using Samba 4.5.1 on CentOS 7 with gpgme-devel and > pygpgme installed. > > The plaintext password for this is Hdg43hj5 > > > > samba-tool user getpassword username > --attributes=virtualClearTextUTF16,virtualClearTextUTF8,virtualSambaG > PG,unicodePwd --decrypt-samba-gpg > > dn: CN=username,CN=Users,DC=ad,DC=example,DC=com > unicodePwd:: +kiiRa+tFYsnUIb+ABlZdQ=> virtualClearTextUTF16:: SABkAGcANAAzAGgAagA1AA=> virtualClearTextUTF8:: SGRnNDNoajU> virtualSambaGPG:: > LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tClZlcnNpb246IEdudVBHIHYy > LjAuMjIgKEdOVS9MaW51eCkKCmhRRU1BN3hKTkYrUW02b21BUWY5R3lyMmViZmVHaDEx > eTlKSTZ4U > UMyT3gvb3Z2dmRVVTFEYjNwc0I0a3djdlcKRkdhQzhFTDU3TWp2WFNvbW1qK3M3ZnVXd > lo4NVRoZ1 > J5T0ZTS3NmbmUvdzdKODU0Y3RzbnNTSTFvMDlJMi9qWApHUjN2SVdwVDZNcWhNNHFpY2 > 9aVXVLTjA > yM0F0Rlp5SEFrMTRvNy9xK1RoRlVOZ2V1V2twUTVFWkNjR1FacjkxCk91NG9WTlhzY0R > UcVNjbDJn > ZE1HYzl6bWpsZklOWWJBYmVDVWJJNUczOVlyRkdmeExyVTJ2VlBqdkxLdThlREMKL0Yr > VHlVVTlTV > ExLdmd1UWloeDFoVFZzOWEyUEQ1VVVyam5VWlBMUDJZRGlqSENlUzcrUkVaRWFwNjA0Z > XRudgplb1 > VoS3dhK29UamR0Vk03SkVGUFh6UzFKajk1bitoUU9vUW9vOGgvdk5KTEFYVkh6NG9pdE > s1K0UvMDd > JVW92Cm4zdlBpQ0RpL0Nld2RjV1gzN2NJandBQlVrR1BheENhOXRobkhDTERGdXhXQ1g > zejg2K1BB > aHUvTDRjZjBxeWcKcEw3OWx1Z0hjbnJlRkp4OAo9eHNFZwotLS0tLUVORCBQR1AgTUVT > U0FHRS0tL S0tCg=> > Got password OK > > > > > Thanks, > Dale-- Gruss Harry Jede