Re: using active directory keys

[Dave Love <d.love@dl.ac.uk>]

Andrew Bartlett <abartlet@samba.org> writes:

> Firstly, I think that the type 23 keys (arcfour-hmac-md5, aka the NT
> hash) are now in the default key types, and while it is a limited type,
> with less than broad support on older kerberos libs.  It's not my
> understanding that the type 23 keys are particularly weak in any way.

Sorry for the misinformation, then.  I've certainly seen them
described as weak in places like bugtraq, though.  I was expecting
Love or someone to check it anyhow.

>> Use @command{pwdump2} (@pxref{pwdump}) on the Windows controller to
>> dump the password hashes.  
>
> Therefore 'net rpc samdump' should do the same, as would my original
> suggestion of 'vampire' into the Samba LDAP schema.

I wrote the text before seeing your suggestion.  It was just an
attempt to record what worked in case it was useful to others, not
meant to be authoritative.  (I'm surprised there isn't a more
widespread need for doing this than it seems.)  Anyway, I'd have
thought that it's rather easier than setting up Samba to do the job if
you didn't have it in place already.

> Perhaps I didn't make myself clear on my retraction earlier: while I was
> hoping to find all the kerberos encryption keys, we still get the NT
> password from 'vampire'.

No, that was clear (assuming you mean the hash, not the password).

It's a pity we can't do the same sort of thing with crypt(3) entries
in a shadow file...