Web lists-archives.com

Re: [Samba] retrieve machine password in current Samba?




On Fri, 2017-09-08 at 01:43 +0000, James Zuelow via samba wrote:
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet@xxxxxxxxx]
> > Sent: Thursday, September 7, 2017 3:41 PM
> > To: James Zuelow; samba@xxxxxxxxxxxxxxx
> > Subject: Re: [Samba] retrieve machine password in current Samba?
> 
>  -- >8 -- snip -- 8< --
>  
> > I've looked into this, and I don't think we have changed the
> > format, it is just that
> > we stopped keeping to ascii and small lengths for the
> > passwords.  That flood of
> > binary stuff is really the password!
> > 
> > So, the tdbdump output is still correct, but do you have to un-
> > escape it.
> > 
> > Otherwise, the attached script will print it on stdout, if you like
> > it and it works
> > for you I can drop it in source4/scripting/bin for posterity.
> > 
> > Sorry for the confusion!
> > 
> > Andrew Bartlett
> 
> The confusion was on my part - when I tried to look at the string
> after unescaping it I was getting a jumble of Unicode characters and
> not the ascii string I was used to.  I spent a lot of effort trying
> to get that back into the form that I saw in the past, not realizing
> I didn't have to.

:-)

> But using your script and plugging that into wicd's wireless password
> works very well.
> 
> Essentially it boils down to:
> 
> Editing wicd's wireless-settings.conf:
> 
> identity = host/HOSTNAME.local.domain
> beforescript = /usr/local/sbin/machine-passwd.sh
> 
> And then machine-passwd.sh is similar to:
> 
> password=`/usr/local/sbin/machineaccountpw`
> wicd-cli -y -n (network-id)  --network-property password -s
> "${password}"
> 
> (I have a little logic in there to grab the network ID since it
> changes from time to time.)
> 
> Then when wicd connects, it presents the username of the machine
> account and the current machine password, whatever that may be.  I
> could probably work with your script to insert the password into
> wireless-settings.conf directly, but I’m too lazy to do that now that
> this is working.

While I don't like it being on the command line, avoiding putting it in
a config file is also a good idea, as Samba will change the password
every week.

> Thank you very much!

I'm glad to have helped!

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba