Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords




2017-03-29 16:42 GMT-03:00 Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>:

> On Thu, 30 Mar 2017 08:18:30 +1300
> Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
>
> > On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > > The users password is stored in an hidden attribute which is
> > > supposed to be unreadable, but you can read it on a Samba DC, but
> > > it is heavily
> > > encoded. You may be able to obtain some of the users password with
> > > pdbedit, but can you get them all ?
> >
> > To be clear, by design pdbedit can obtain all the unicodePwd values
> > (the NT hash) for users in the domain.  For clarity this is the same
> > underlying value as the sambaNTPassword in traditional 'Samba3'
> > domains using LDAP.
> >
> > Andrew Bartlett
> >
>
> Yes, but will all the AD users be in the pdbedit database ?
>
> # pdbedit -L | wc -l
48064
# samba-tool user list | wc -l
48033

It's giving me more!


> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba