Web lists-archives.com

Re: [Samba] retrieve machine password in current Samba?





> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@xxxxxxxxx]
> Sent: Thursday, September 7, 2017 3:41 PM
> To: James Zuelow; samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] retrieve machine password in current Samba?
 -- >8 -- snip -- 8< --
 
> I've looked into this, and I don't think we have changed the format, it is just that
> we stopped keeping to ascii and small lengths for the passwords.  That flood of
> binary stuff is really the password!
> 
> So, the tdbdump output is still correct, but do you have to un-escape it.
> 
> Otherwise, the attached script will print it on stdout, if you like it and it works
> for you I can drop it in source4/scripting/bin for posterity.
> 
> Sorry for the confusion!
> 
> Andrew Bartlett

The confusion was on my part - when I tried to look at the string after unescaping it I was getting a jumble of Unicode characters and not the ascii string I was used to.  I spent a lot of effort trying to get that back into the form that I saw in the past, not realizing I didn't have to.

But using your script and plugging that into wicd's wireless password works very well.

Essentially it boils down to:

Editing wicd's wireless-settings.conf:

identity = host/HOSTNAME.local.domain
beforescript = /usr/local/sbin/machine-passwd.sh

And then machine-passwd.sh is similar to:

password=`/usr/local/sbin/machineaccountpw`
wicd-cli -y -n (network-id)  --network-property password -s "${password}"

(I have a little logic in there to grab the network ID since it changes from time to time.)

Then when wicd connects, it presents the username of the machine account and the current machine password, whatever that may be.  I could probably work with your script to insert the password into wireless-settings.conf directly, but I’m too lazy to do that now that this is working.

Thank you very much!

James 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba