[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'krbPrincipalKey' and 'sambaMungedDial'

Am 22.03.2013 19:01, schrieb Andreas B. Mundt:
Hi Martin,

On Fri, Mar 22, 2013 at 06:33:11PM +0100, Martin Schulte wrote:
while trying to upgrade to squeeze and restore old passwords, i had
a look to the ldap in squeeze. I found the two attributes
'krbPrincipalKey' and 'sambaMungedDial'. Can someone tell me, what
is the use of these two attributes and how they are generated? Is
there a relation between the userpassword and these two attributes?

Actually i try to replace the value of the attributes
'userPassword', 'sambaLMPassword', 'sambaNTPassword' from the
squeeze ldap with the values from the lenny ldap.

The authentication method has changed completely in squeeze.  Instead
of storing a hashed password in LDAP as it has been the case in Lenny,
Squeeze uses Kerberos keys.  These are also some kind of a user's
password, but can also be used to encrypt any connection over the
network.  There is no way to convert the password hash from Lenny to a
Kerberos principal key, so you have to create these from clear text
passwords.  I am not familliar with the samba stuff however.

Hi ,

thank you for your answer.
I found a way to get the passwords in cleartext from lenny ldap, thanks to windows, the secures OS ever :-) and his LM-Hash. You can crack this LM-hash using ophcrack (http://en.wikipedia.org/wiki/Ophcrack ), which uses rainbow tables.

To automate this, i wrote a perl-script which fetches the SambaLMpassword from each user. Than it's generates an file in pwdumper-Syntax

Than i load this file into ophcrack, which finds passwords using rainbow tables. This takes 45min. Then i save the results in a file. Another perl-script reads this file and fetchs the groups of every user. Because of LM-hash is caseinsensitive, it checks all combinations of upper- and lowercase combinations against the SambaNTPassword, which is casesensitiv. After this it generates a csv-file which can be used by gosa's import function.

If someone interested i can put the script into the wiki.


Reply to: