Web lists-archives.com

Re: [Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM




Dean Andrew and List,

I posted here >>https://lists.samba.org/archive/samba/2017-April/207671.html<< that my problem was solved, but I have the following question:

What is the possible security issues that may come from removing the 'supplementalCredentials' attribute?

Thanks,
Leonardo


Citando Andrew Bartlett <abartlet@xxxxxxxxx>:

On Sun, 2017-04-09 at 14:47 +0000, Leonardo Bruno Lopes via samba
wrote:

Dear Andrew,

I confirmed that 'supplementalCredentials' has different values  
depending on whether I use 'samba-tool' or 'ldbmodify' to set the  
password. That seems to confirm your initial guess.

> The code in pdb_samba_dsdb that owns the OID you use always removes
> this attribute when setting that OID, so you need to as well.

Is there any chance that this could mean I only need to wipe  
'supplementalCredentials' attribute -- I saw that it is possible --  
after set the password with 'ldbmodify'? Unfortunately I can't get  
this tested until tomorrow.

Yes, that is my suggestion.

By the way, congratulations guys, you have been doing such an
awesome  
job with Samba and all this AD stuff, both coding and supporting.

Thanks,

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


--
Esta mensagem foi verificada pelo sistema de antivírus e
 acredita-se estar livre de perigo.




--
Esta mensagem foi verificada pelo sistema de antivírus e
acredita-se estar livre de perigo.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba