Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords

On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> The users password is stored in an hidden attribute which is supposed
> to be unreadable, but you can read it on a Samba DC, but it is
> heavily
> encoded. You may be able to obtain some of the users password with
> pdbedit, but can you get them all ?

To be clear, by design pdbedit can obtain all the unicodePwd values
(the NT hash) for users in the domain.  For clarity this is the same
underlying value as the sambaNTPassword in traditional 'Samba3' domains
using LDAP.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba