Luc,

Very helpful... I'm doing a migration from a very non-standard samba ldap implementation that we can't just migrate. We would like to save the users' passwords though.

I'm testing using known password hashes and I'm having trouble authenticating after I change the passwords. How can I extract what is being inserted into samba4 in order to verify that I'm doing things correctly?

Thanks!

Bo

----- Original Message -----
> From: "Luc Lalonde" <luc.lalo...@polymtl.ca>
> To: samba@lists.samba.org
> Cc: "Andrew Bartlett" <abart...@samba.org>
> Sent: Tuesday, April 9, 2013 11:25:47 AM
> Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
>
> Ok this works:
>
> ####################################################################
> #!/usr/bin/env python
>
> import sys
>
> sys.path.insert(0, "/usr/local/samba/lib64/python2.6/site-packages")
> sys.path.insert(1, "/usr/local/samba/lib/python2.6/site-packages")
>
> from samba import Ldb, registry
> from samba.param import LoadParm
> from samba.provision import provision, FILL_FULL, ProvisioningError, setsysvolacl
> from samba.samba3 import passdb
> from samba.samba3 import param as s3param
> from samba.dcerpc import lsa, samr, security
> from samba.dcerpc.security import dom_sid
> from samba.credentials import Credentials
> from samba import dsdb
> from samba.ndr import ndr_pack
> from samba import unix2nttime
>
> # Convert Hex to Byte string
> def HexToByte( hexStr ):
>     bytes = []
>     hexStr = ''.join( hexStr.split(" ") )
>     for i in range(0, len(hexStr), 2):
>         bytes.append( chr( int (hexStr[i:i+2], 16 ) ) )
>     return ''.join( bytes )
>
> # Connect to samba4 backend
> new_lp_ctx = s3param.get_context()
> new_lp_ctx.load("/usr/local/samba/etc/smb.conf")
> new_lp_ctx.set("private dir", "/usr/local/samba/private")
>
> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
>
> # Change testuser password
> new_userdata = s4_passdb.getsampwnam("testuser")
> new_userdata.nt_passwd = HexToByte("878D8014606CDA29677A44EFA1353FC7")
> new_userdata.lanman_passwd = HexToByte("552902031BEDE9EFAAD3B435B51404EE")
> s4_passdb.update_sam_account(new_userdata)
>
> ####################################################################
>
> I was missing some module paths and the extra info for connecting to
> the LDB database... Now I just have to generalize this procedure so
> that I can update the passwords every night like I do with
> Samba3-LDAP.
>
> Andrew, thanks for the pointers. I'm posting this in case it can
> help someone else.
>
> ----- Original Message -----
> From: "Luc Lalonde" <luc.lalo...@polymtl.ca>
> To: "Andrew Bartlett" <abart...@samba.org>
> Cc: samba@lists.samba.org
> Sent: Wednesday, March 27, 2013 7:38:05 PM GMT -05:00 US/Canada Eastern
> Subject: Re: [Samba] Samba 4 LDAP NTLM password nightly injection
>
> Hello Andrew,
>
> How would I convert the below base16 strings into raw bytes
> acceptable to this routine? We presently inject the NTLM passwords
> directly into our LDAP database for Samba3.
>
> Also, I can't seem to figure out the argument values for
> 'passdb.PDB'. I tried 'ldb', 'samba_dsdb'.
>
> Thanks for your help!
>
> On 2013-03-27, at 6:18 PM, Andrew Bartlett <abart...@samba.org> wrote:
>
> > On Tue, 2013-03-26 at 11:10 -0400, Luc Lalonde wrote:
> >> Hello Andrew,
> >>
> >> I'm finally diving into this project...
> >>
> >> First off, my sysadmin stuff is mostly in Perl. So my Python is
> >> rudimentary at best.
> >>
> >> Here we go anyway... I've looked at the 'upgrade.py' but I can't
> >> seem to figure out how to connect to the Samba4 passwd database.
> >>
> >> In the script I see these lines:
> >>
> >> #######################################################
> >> # Connect to samba4 backend
> >> s4_passdb = passdb.PDB(new_lp_ctx.get("passdb backend"))
> >> ########################################################
> >>
> >> I would appreciate a hint on how to connect to the database
> >> please. Where is the 'passdb' object referenced from?
> >>
> >> Once that's done, from what I understand, I should be able to
> >> change the passwords directly:
> >>
> >> #######################################################
> >> # Change foo-user password
> >> admin_userdata = s4_passdb.getsampwnam("foo-user")
> >> admin_userdata.nt_passwd = "878D8014606CDA29677A44EFA1353FC7"
> >> admin_userdata.lanman_passwd = "552902031BEDE9EFAAD3B435B51404EE"
> >> s4_passdb.update_sam_account(admin_userdata)
> >> #######################################################
> >
> > Sort of. Those values are not base16 strings, but raw bytes, but
> > otherwise that looks pretty much right at a first glance.
> >
> > Andrew Bartlett
> >
> > --
> > Andrew Bartlett
> > http://samba.org/~abartlet/
> > Authentication Developer, Samba Team http://samba.org
> >
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> --
> Luc Lalonde, analyst
> ---------------------------------------------------------------------
> Département de génie informatique:
> École polytechnique de Montréal
> (514) 340-4711 x5049
> luc.lalo...@polymtl.ca
> ---------------------------------------------------------------------

--
Bo Kersey
VirCIO - managed network solutions
4314 Avenue C
Austin, TX 78751
phone: (512)374-0500

If it is free, you are the product.