How is a Windows Active Directory Machine Account Password stored in Windows/Samba Clients?

Çağlar Arlı

It's said that a Windows Machine Account Password is usually composed of 120 characters in UTF-16-LE format. But when looking at the value stored in the Windows Registry under HKLM\SECURITY\Policy\Secrets\$MACHINE.ACC\CurrVal, one finds a somewhat random-length blob of binary data which is way more than the 240 bytes expected and also doesn't seem to be UTF-16 anymore. I saw lengths of 332, 356, 358 and 382 bytes.

What explains this difference? What is going on? How is the value stored in CurrVal actually put together?

Some background: I am trying to use a company Wi-Fi which wants me to present this value for authentication. I wrote a small script to extract the value from Samba's /var/lib/samba/private/secrets.tdb (which looks very similar to the one in the Windows Registry) and plug it into a NetworkManager WPA2-Enterprise 802.1x PEAP profile, which has worked fine for me for some years. Currently I am trying to switch to SSSD, which only gives me 120 bytes of cleartext UTF-8 (by running adcli update --show-details --show-password) for the Machine Password, and I want to figure out how to transform those 120 characters to the Windows-/Samba-like format I can use to authenticate.