mrnours wrote 2 comments

  • [^] # Re: samba/ldap/encrypted password

    Posted by  . In reply to the message Samba+LDAP passwords. Rated 1.

    Thanks,

    Yes, that looks interesting, I'll take a look, but the problem will remain intact. NT hashes cannot be generated from the MD5 hash...
    Here is a copy of a reply on the samba mailing list at samba.org... Read it, but I think it's a lost cause. As proposed above, we will have to go through a script/web page that asks users to retype their password...

    ______________

    From : Charlie

    The MD5 hash you are using for your LDAP "userPassword" attribute is
    non-reversible - there isn't any straightforward way to convert it
    into anything else. Unless you happen to have a supercomputer grid
    handy to brute-force crack them, that is.

    See, whenever you use that password, your machine takes some string
    that the end-user has supplied and runs it through MD5. Then the
    machine compares the UserPassword value with the MD5-hash of the
    password string that the user supplied. If they match, you are
    allowed in. But the machine does not actually know your password, and
    it can't unconvert the MD5 into a string that could be NT-hashed for
    an SMB password. The NT-hash is similarly not reversible, although
    it's not very good (no salt, for one thing) so it is relatively easy
    to crack (and quick, if you use rainbow tables).

    When I converted our networks to samba a decade or more ago, I started
    out by trying to crack all our user passwords by brute force, but I
    could only get about 90% of them in any reasonable time frame. So,
    instead, we modified our password changing process to produce the NT
    and LM hashes as well as the MD5 hashes and made all our users'
    passwords expire over the course of the next two weeks.

    That way I had matching NT, LM, and SMD5 password hashes which we've
    maintained to this day in our enterprise LDAP directory.
  • [^] # Re: samba/ldap/encrypted password

    Posted by  . In reply to the message Samba+LDAP passwords. Rated 1.

    Thanks for the reply.
    But the goal of my approach is to offer as many services as possible with the same user/password pair.

    At the same time, my request must be a bit unrealistic.