Re: [Samba] backup of tdb files
- Date: Sat, 13 Oct 2018 08:09:31 +1300
- From: Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] backup of tdb files
On Fri, 2018-10-12 at 16:59 +0200, Philipp Gesang via samba wrote:
> Hi Andrew,
> revisiting this subject once again because I seem to have reached
> an impasse.
> -<| Quoting Andrew Bartlett <abartlet@xxxxxxxxx>, on Monday, 2018-09-24 07:14:48 PM |>-
> > On Mon, 2018-09-24 at 09:06 +0200, Philipp Gesang wrote:
> > > > A long time ago I posted a script to dump the machine password to
> > > > stdout for the benefit of an 802.1x client, but it never had tests
> > > > so didn't get in.
> > > >
> > > > I could see JSON working well for this also. Perhaps extend either
> > > > samba-tool or net to print out the domain SID, local SID, domain
> > > > member password and hostname?
> > >
> > > Sounds promising. I’ll look into that.
> Right now I am using values obtained as follows:
> - hostname: get_global_sam_name()
> - local SID:
>     secrets_fetch_domain_sid (get_global_sam_name(), …)
>     == SECRETS/SID/CLIENTNAME in tdb
> - domain SID:
>     secrets_fetch_domain_sid (lp_workgroup(), …)
>     == SECRETS/SID/WORKGROUPNAME
> - domain member password:
>     secrets_fetch_machine_password(lp_workgroup(), …)
>     == SECRETS/MACHINE_DOMAIN_INFO/WORKGROUPNAME
> This approach works well with a manually joined AD member but not
> with any of the blackbox testsuites. In the secrets.tdb used
> during tests I find only the domain SID (e. g. SECRETS/SID/CHDCDOMAIN)
> but not the machine sid (probably SECRETS/SID/CLIENT).
> How come that machine sid is absent in the tests? Is there
> another means of retrieving it?
This is due to the test environment you are running in. If you ran it
in ad_member:local it would be there.
The 'client' environment (where you don't specify a :local) is used,
without the server's smb.conf or files, and doesn't have a local SID.
Also, it is only set when a source3 passdb operation happens, so AD DC
client stuff won't trigger it (for historical reasons).
I hope this helps,
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
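
Added example, not part of the original message or of Samba: a pre-backup check that reads the text output of `tdbdump` for secrets.tdb and reports which of the keys listed in the thread are present, keeping only data lengths so the machine password never reaches a log. The `key(N) = "..."` / `data(N) = "..."` record layout, the function names and the sample dump are assumptions made for this illustration.

```python
import re

# Key prefixes named in the thread; the suffix is the host or workgroup name.
SID_PREFIX = "SECRETS/SID/"
MACHINE_PREFIX = "SECRETS/MACHINE_DOMAIN_INFO/"

# Assumed tdbdump record layout: key(N) = "..." then data(M) = "...".
KEY_RE = re.compile(r'^key\((\d+)\) = "(.*)"$')
DATA_RE = re.compile(r'^data\((\d+)\) = "')

def parse_dump(text):
    """Return {key: data_length}; record values are never kept."""
    records, key = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(2)
            if key.endswith("\\00"):  # key stored with a trailing NUL
                key = key[:-3]
            continue
        m = DATA_RE.match(line)
        if m and key is not None:
            records[key.upper()] = int(m.group(1))
            key = None
    return records

def check_secrets(text, hostname, workgroup):
    """Report which of the values listed in the thread the dump can supply."""
    records = parse_dump(text)
    wanted = {
        "local_sid": SID_PREFIX + hostname.upper(),
        "domain_sid": SID_PREFIX + workgroup.upper(),
        "machine_password": MACHINE_PREFIX + workgroup.upper(),
    }
    return {name: key in records for name, key in wanted.items()}

# Constructed sample (fake, shortened values) shaped like the test
# environment in the thread: domain SID present, no local SID.
SAMPLE = """{
key(22) = "SECRETS/SID/CHDCDOMAIN"
data(68) = "\\01\\04\\00\\00"
}
{
key(38) = "SECRETS/MACHINE_DOMAIN_INFO/CHDCDOMAIN"
data(12) = "REDACTED"
}
"""

if __name__ == "__main__":
    for name, ok in check_secrets(SAMPLE, "CLIENT", "CHDCDOMAIN").items():
        print(f"{name}: {'present' if ok else 'MISSING'}")
```
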