Lapin Blanc
2018-Mar-25 19:19 UTC
[Samba] Google Cloud Directory Service password synchronization for AD DC
Hello again, and thank you so much for those valuable information, I'm
progressing well. Google accepts crypt hashes, and I've managed with
Garming's advice to get hashes when passwords get updated.
I've only one small question at this point, the hash seems to be printed
spanned on two lines, with a line break and a few spaces in the middle of
the hash... Is this normal ?
eg :
INFO : dn: CN=pierre,CN=Users,DC=educonsult,DC=intra
INFO : objectGUID: 9838c793-67f3-4e68-b362-f939e517313e
INFO : objectSid: S-1-5-21-1504766521-268068577-265870750-1104
INFO : sAMAccountName: pierre
INFO : userAccountControl: 512
INFO : pwdLastSet: 131664785101680280
INFO : msDS-KeyVersionNumber: 4
INFO : virtualCryptSHA512:
{CRYPT}$6$3WZAFpbFo5J6n2rS$tmDWcZEkgO5e89c5yBnyEYWamNi40CI
INFO : 32FermFcq3VweLGmR2qfsdjxbs0RiYJ6jrvWzlpIMDJMI1fSg8923t0
INFO :
Thank's !
2018-03-23 0:31 GMT+01:00 Andrew Bartlett <abartlet at samba.org>:
> On Thu, 2018-03-22 at 23:48 +0100, Lapin Blanc via samba wrote:
> > Hello, and thank you for the answer. I'm quite new to Samba, and
when you
> > speak about Samba storing a crypt() password hash and about the
> > virtualCryptSHA256 attribute I get the general meaning, but not the
way
> to
> > get to those informations.
> > Would you have any pointer on where I could learn more about that ? I
> found
> > discussions about some patches from Stefan Metzmacher in the mailing
> lists,
> > is this what you mean ?
> > Google only accepts plain text, Base64, MD5 or SHA1, I don't know
if I'll
> > found a consensus
> > Btw, I'll keep trying and keep you informed...
>
> See this for crypt() support:
> https://developers.google.com/admin-sdk/directory/v1/reference/users/up
> date#hashFunction
>
> Thanks,
>
> Andrew Bartlett
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>
Andrew Bartlett
2018-Mar-25 19:23 UTC
[Samba] Google Cloud Directory Service password synchronization for AD DC
On Sun, 2018-03-25 at 21:19 +0200, Lapin Blanc via samba wrote:> Hello again, and thank you so much for those valuable information, I'm > progressing well. Google accepts crypt hashes, and I've managed with > Garming's advice to get hashes when passwords get updated. > I've only one small question at this point, the hash seems to be printed > spanned on two lines, with a line break and a few spaces in the middle of > the hash... Is this normal ? > eg : > INFO : dn: CN=pierre,CN=Users,DC=educonsult,DC=intra > INFO : objectGUID: 9838c793-67f3-4e68-b362-f939e517313e > INFO : objectSid: S-1-5-21-1504766521-268068577-265870750-1104 > INFO : sAMAccountName: pierre > INFO : userAccountControl: 512 > INFO : pwdLastSet: 131664785101680280 > INFO : msDS-KeyVersionNumber: 4 > INFO : virtualCryptSHA512: > {CRYPT}$6$3WZAFpbFo5J6n2rS$tmDWcZEkgO5e89c5yBnyEYWamNi40CI > INFO : 32FermFcq3VweLGmR2qfsdjxbs0RiYJ6jrvWzlpIMDJMI1fSg8923t0 > INFO : > Thank's !Yes, it is standard for LDIF to have such a line wrap. (I hope that is a testing password). Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Lapin Blanc
2018-Mar-25 19:24 UTC
[Samba] Google Cloud Directory Service password synchronization for AD DC
Thank you ! And yes, it's a testing password, and I've changed the hash ;-) Fabien 2018-03-25 21:23 GMT+02:00 Andrew Bartlett <abartlet at samba.org>:> On Sun, 2018-03-25 at 21:19 +0200, Lapin Blanc via samba wrote: > > Hello again, and thank you so much for those valuable information, I'm > > progressing well. Google accepts crypt hashes, and I've managed with > > Garming's advice to get hashes when passwords get updated. > > I've only one small question at this point, the hash seems to be printed > > spanned on two lines, with a line break and a few spaces in the middle of > > the hash... Is this normal ? > > eg : > > INFO : dn: CN=pierre,CN=Users,DC=educonsult,DC=intra > > INFO : objectGUID: 9838c793-67f3-4e68-b362-f939e517313e > > INFO : objectSid: S-1-5-21-1504766521-268068577-265870750-1104 > > INFO : sAMAccountName: pierre > > INFO : userAccountControl: 512 > > INFO : pwdLastSet: 131664785101680280 > > INFO : msDS-KeyVersionNumber: 4 > > INFO : virtualCryptSHA512: > > {CRYPT}$6$3WZAFpbFo5J6n2rS$tmDWcZEkgO5e89c5yBnyEYWamNi40CI > > INFO : 32FermFcq3VweLGmR2qfsdjxbs0RiYJ6jrvWzlpIMDJMI1fSg8923t0 > > INFO : > > Thank's ! > > Yes, it is standard for LDIF to have such a line wrap. > > (I hope that is a testing password). > > Thanks, > > Andrew Bartlett > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/ > services/samba > >
Apparently Analagous Threads
- Google Cloud Directory Service password synchronization for AD DC
- Google Cloud Directory Service password synchronization for AD DC
- Accentuated characters issue when receiving attributes from "samba user syncpasswords"
- Accentuated characters issue when receiving attributes from "samba user syncpasswords"
- broken mailing-list -> Re: Accentuated characters issue when receiving attributes from "samba user syncpasswords"