similar to: Google Cloud Directory Service password synchronization for AD DC

Hi Justin, Thank you for your answer, I had found this utility during my searches, and will probably try it. As you say, reversible + plaintext is far for optimal from a security point of view. Also, I would like to integrate the solution in a "packaged" distribution like for example Zentyal or UCS. But I'm happy to learn that this solution is viable, I wouldn't lose my time

Hello, and thank you for the answer. I'm quite new to Samba, and when you speak about Samba storing a crypt() password hash and about the virtualCryptSHA256 attribute I get the general meaning, but not the way to get to those informations. Would you have any pointer on where I could learn more about that ? I found discussions about some patches from Stefan Metzmacher in the mailing lists, is

Hello again, and thank you so much for those valuable information, I'm progressing well. Google accepts crypt hashes, and I've managed with Garming's advice to get hashes when passwords get updated. I've only one small question at this point, the hash seems to be printed spanned on two lines, with a line break and a few spaces in the middle of the hash... Is this normal ? eg : INFO

On Thu, 2018-03-22 at 21:15 +0100, Lapin Blanc via samba wrote: > Hi Justin, > > Thank you for your answer, I had found this utility during my searches, and > will probably try it. As you say, reversible + plaintext is far for optimal > from a security point of view. > Also, I would like to integrate the solution in a "packaged" distribution > like for example

Hi, If you look at both: samba-tool user getpassword --help samba-tool user syncpasswords --help You may be able to find the information that you're looking for. Samba does store all the hashes in the LDAP directory, but you have to normally access them directly from the system (not over LDAP). You should also note that our Kerberos server reads and updates the password stored in the

Fabien, The way that we’ve accomplished this was to ensure that all users have the “Store passwords using reversible encryption” (which is not optimal) and use a utility called “samba4-gaps.” Also: samba-tool domain passwordsettings set --store-plaintext=on Works perfectly. https://github.com/baboons/samba4-gaps Justin > On Mar 22, 2018, at 3:58 PM, Lapin Blanc via samba <samba at

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil:

On Wed, 2018-03-28 at 16:06 +0200, Reindl Harald via samba wrote: > > Am 28.03.2018 um 15:52 schrieb Lapin Blanc via samba: > > I receive stdin input from "samba user syncpasswords" in my python script. > > The user is created with ' Active Directory Users and Computers', and have > > some accentuated characters in their givenName and/or familyName (sn)

I receive stdin input from "samba user syncpasswords" in my python script. The user is created with ' Active Directory Users and Computers', and have some accentuated characters in their givenName and/or familyName (sn) When parsing the diff, the CN reads of, but weird characters appears in the attributes instead of the right name : INFO:root:DN found: CN=Arsène

On Sun, 2018-03-25 at 21:19 +0200, Lapin Blanc via samba wrote: > Hello again, and thank you so much for those valuable information, I'm > progressing well. Google accepts crypt hashes, and I've managed with > Garming's advice to get hashes when passwords get updated. > I've only one small question at this point, the hash seems to be printed > spanned on two lines,

On Wed, 28 Mar 2018 17:32:33 +0200 Reindl Harald via samba <samba at lists.samba.org> wrote: > > > Am 28.03.2018 um 17:21 schrieb Rowland Penny via samba: > > On Wed, 28 Mar 2018 16:59:19 +0200 > > Reindl Harald via samba <samba at lists.samba.org> wrote: > > > >> > >> > >> Am 28.03.2018 um 16:50 schrieb Lapin Blanc: >

On Wed, 28 Mar 2018 16:59:19 +0200 Reindl Harald via samba <samba at lists.samba.org> wrote: > > > Am 28.03.2018 um 16:50 schrieb Lapin Blanc: > > Thank you for the tip, i'll use it, but how come it's correctly > > encoded in the DN and not in the attribute ? > > Is it related to the ldif format or something ? > > no idea and hence *do not* reply

On Sat, 12 May 2018 19:45:10 +0200 Lapin Blanc <fabien.toune at lapin-blanc.com> wrote: > I'm studying samba related protocols for a work I have to present at > the university, > and for me to really understand how it works, I try to put in in > practice. So I was reading > http://www.kerberos.org/software/tutorial.html and tried to track > packets... I was hoping this

On Wed, 28 Mar 2018 18:22:16 +0200 Reindl Harald via samba <samba at lists.samba.org> wrote: > > > Am 28.03.2018 um 18:07 schrieb Rowland Penny via samba: > > On Wed, 28 Mar 2018 17:32:33 +0200 > > Reindl Harald via samba <samba at lists.samba.org> wrote: > > > >> > >> > >> Am 28.03.2018 um 17:21 schrieb Rowland Penny via samba:

Hi, I don't know if this is the right place for this kind of questions, and I'm sorry if that's not the case. I have a work to present for school for which I need to understand the authentication processes in samba 4 latest versions (ie >= 4.7). More precisely, about the protocols involved (ldap, ldaps, kerberos, others ?), encryption types, etc. Googling for documentation, I found

Hi, i have setup an ad dc with samba 4.8, and then rigorously followed wiki tutorial at : https://wiki.samba.org/index.php/Setting_up_a_Share_Using_Windows_ACLs However, when following the last part (File System ACLs in the Back End), I don't get the expected results : [root at mydc ~]# getfattr -d /srv/samba/Demo/ doesn't yield anything and getfacl /srv/samba/Demo/ getfacl : suppression

Dear Samba Users, I configured a samba share on a linux centos 7 server as server member of an Active Directory Domain. I used posix extended unix attributes in AD for permissions on the Samba share. Winbind and SSSD are also installed for the mapping of unix attibutes. My question is more about security. The linux server is using kerberos to dial with AD server (SSSD + Krb pam etc.). I

On Tue, 23 Oct 2018 10:07:29 +1300 Garming Sam via samba <samba at lists.samba.org> wrote: > Hi, > > On 20/10/18 1:26 AM, Julien Ropé via samba wrote: > > > >  The deployment works, and computers seems to interact with the > > RODCs as they should, but sometimes computers leave the domain > > after a password change. > > > >  This seems to

Yes it could be interesting. I want to use it to send the password has an API for other software. I currently use the "Store passwords using reversible encryption" to use my API. But I do not like this operation. I then use "http://ltb-project.org/wiki/documentation/self-service-password" with the " post hook" Your patch it allows you also to retrieve the user

interesting ! Let me take a closer look at that. I must send passwords in Office 365 and Google Apps. Currently, My script works but it requires that Samba is configured with the "Plain text Password" option. I want to change that. "Check password script" could solve my problem. "http://ltb-project.org/wiki/documentation/self-service-password" with " post