similar to: GSSAPIAuthentication needs krb5.keytabe on one config, not on another one

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someone ? ktutil: rkt decode.keytab ktutil:

Hi Justin, Thank you for your answer, I had found this utility during my searches, and will probably try it. As you say, reversible + plaintext is far for optimal from a security point of view. Also, I would like to integrate the solution in a "packaged" distribution like for example Zentyal or UCS. But I'm happy to learn that this solution is viable, I wouldn't lose my time

On Sat, 12 May 2018 19:45:10 +0200 Lapin Blanc <fabien.toune at lapin-blanc.com> wrote: > I'm studying samba related protocols for a work I have to present at > the university, > and for me to really understand how it works, I try to put in in > practice. So I was reading > http://www.kerberos.org/software/tutorial.html and tried to track > packets... I was hoping this

Hello, and thank you for the answer. I'm quite new to Samba, and when you speak about Samba storing a crypt() password hash and about the virtualCryptSHA256 attribute I get the general meaning, but not the way to get to those informations. Would you have any pointer on where I could learn more about that ? I found discussions about some patches from Stefan Metzmacher in the mailing lists, is

I'm trying to have my Samba 4 AD DC users mapped and synchronized with google apps for education accounts. I would like to start from the native windows password update procedure to eventually update the google apps password (actually, I think only some types of hashes are stored). Google actually provides a tool to synchronize user accounts and profiles which works juste fine. This tools

Hi, here's a proposal of a new ssh/scp-feature: ------------------------------------------------------- please implement a timeout with non-zero error-returncode on "Are you sure you want to continue connecting (yes/no)?" ------------------------------------------------------- My situation: recently I have implemented a cronjob that is using scp. Due to organizational

I receive stdin input from "samba user syncpasswords" in my python script. The user is created with ' Active Directory Users and Computers', and have some accentuated characters in their givenName and/or familyName (sn) When parsing the diff, the CN reads of, but weird characters appears in the attributes instead of the right name : INFO:root:DN found: CN=Arsène

On Thu, 2018-03-22 at 21:15 +0100, Lapin Blanc via samba wrote: > Hi Justin, > > Thank you for your answer, I had found this utility during my searches, and > will probably try it. As you say, reversible + plaintext is far for optimal > from a security point of view. > Also, I would like to integrate the solution in a "packaged" distribution > like for example

On Wed, 2018-03-28 at 16:06 +0200, Reindl Harald via samba wrote: > > Am 28.03.2018 um 15:52 schrieb Lapin Blanc via samba: > > I receive stdin input from "samba user syncpasswords" in my python script. > > The user is created with ' Active Directory Users and Computers', and have > > some accentuated characters in their givenName and/or familyName (sn)

Fabien, The way that we’ve accomplished this was to ensure that all users have the “Store passwords using reversible encryption” (which is not optimal) and use a utility called “samba4-gaps.” Also: samba-tool domain passwordsettings set --store-plaintext=on Works perfectly. https://github.com/baboons/samba4-gaps Justin > On Mar 22, 2018, at 3:58 PM, Lapin Blanc via samba <samba at

Hi, If you look at both: samba-tool user getpassword --help samba-tool user syncpasswords --help You may be able to find the information that you're looking for. Samba does store all the hashes in the LDAP directory, but you have to normally access them directly from the system (not over LDAP). You should also note that our Kerberos server reads and updates the password stored in the

Hi, I am trying to impliment OpenSSH v2.9p1 with the Krb5/GSSAPI patches at: http://www.sxw.org.uk/computing/patches/openssh-2.9p1-gssapi.patch On a FreeBSD 4.3-STABLE system (with both the integrated Heimdal libs and the MIT Krb5 package from ports intstalled). I patched the src tree, reconfigured, recompiled, installed, and it works - except for Krb5 passwords or Krb5 tickets. And I really

Thanks for the prompt reply! > I did see that you are using Administrator, and thats the problem. > Administrator is mapped to root ( most of the time ), > if you assigned Administrator UID = 0 then you have a problem, because only root = uid 0. > > Never ever give Administrator a UID/GID I am using tdb backend. It mapped administrator account to 12000:10000. > So try again

Hello again, and thank you so much for those valuable information, I'm progressing well. Google accepts crypt hashes, and I've managed with Garming's advice to get hashes when passwords get updated. I've only one small question at this point, the hash seems to be printed spanned on two lines, with a line break and a few spaces in the middle of the hash... Is this normal ? eg : INFO

https://bugzilla.mindrot.org/show_bug.cgi?id=3203 Bug ID: 3203 Summary: Could default_ccache_name from krb5.conf be used for GSSAPI connections? Product: Portable OpenSSH Version: 8.3p1 Hardware: ix86 OS: Linux Status: NEW Severity: enhancement Priority: P5

On Sat, 01 Dec 2018 15:23:36 -0500 Mark Foley <mfoley at ohprs.org> wrote: > On Sat, 1 Dec 2018 12:09:18 Rowland Penny wrote: > > > > On Sat, 01 Dec 2018 06:26:42 -0500 > > Mark Foley via samba <samba at lists.samba.org> wrote: > > > > > From either a Linux or Mac domain member, I have tried logging > > > into the Samba4 AD server as a

Hai, > -----Oorspronkelijk bericht----- > Van: Harpoon [mailto:harp00n at protonmail.com] > Verzonden: vrijdag 18 januari 2019 9:24 > Aan: L.P.H. van Belle > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] SSH SSO without keytab file > > Thanks for the prompt reply! Your welkom. > > > I did see that you are using Administrator, and thats the problem.

On Wed, 28 Mar 2018 16:59:19 +0200 Reindl Harald via samba <samba at lists.samba.org> wrote: > > > Am 28.03.2018 um 16:50 schrieb Lapin Blanc: > > Thank you for the tip, i'll use it, but how come it's correctly > > encoded in the DN and not in the attribute ? > > Is it related to the ldif format or something ? > > no idea and hence *do not* reply

Am 28.03.2018 um 16:50 schrieb Lapin Blanc: > Thank you for the tip, i'll use it, but how come it's correctly encoded > in the DN and not in the attribute ? > Is it related to the ldif format or something ? no idea and hence *do not* reply privately on mailing-lists i just recognize base64 when i see it proper mail clients respect List-Post: <mailto:samba at

http://bugzilla.mindrot.org/show_bug.cgi?id=1312 Summary: Add short command-line option -K for activating GSSAPIDelegateCredentials Product: Portable OpenSSH Version: 4.4p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Kerberos support