Web lists-archives.com

[Samba] Encoding problem with the unicodePwd stored into sam.ldb


I use Samba 4.9.5 on Linux Debian 9.

I want to extract users' passwords. A lot of passwords are ok, some are not.

Example with a password returning an error :
# ldbsearch -H /var/lib/samba/private/sam.ldb '(primaryGroupID=513)'
userPrincipalName unicodePwd
# record 494
unicodePwd:: wXQvJaSkn0gvg1POsY9Icw==
uidNumber: 5110
userPrincipalName: XXX
ok. Then, I convert the password from utf-16 to hex :
$ echo 'wXQvJaSkn0gvg1POsY9Icw==' | base64 -d -w 0 | hexdump -e '/1 "%02X"'

why there is a * and a new line ? base64 (and hexdump) are silent about

If I run hd instead of hexdump :
00000000  c1 74 2f 25 a4 a4 9f 48  2f 83 53 ce b1 8f 48 73

the problem is with the second 0xa4 character.

Is the format of the password stored in smb.ldb correct ? If not how could
I correct it ?

thank you for your help.

Jean-Yves Boisiaud - Alcor Consulting
49, rue du Chemin Vert
49300 Cholet
mobile : +33 6 63 71 73 46
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba