Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords




On Wed, 2017-03-29 at 20:42 +0100, Rowland Penny wrote:
> On Thu, 30 Mar 2017 08:18:30 +1300
> Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> 
> > On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > > The users password is stored in an hidden attribute which is
> > > supposed to be unreadable, but you can read it on a Samba DC, but
> > > it is heavily
> > > encoded. You may be able to obtain some of the users password
> > > with
> > > pdbedit, but can you get them all ?
> > 
> > To be clear, by design pdbedit can obtain all the unicodePwd values
> > (the NT hash) for users in the domain.  For clarity this is the
> > same
> > underlying value as the sambaNTPassword in traditional 'Samba3'
> > domains using LDAP.
> > 
> > Andrew Bartlett
> > 
> 
> Yes, but will all the AD users be in the pdbedit database ?

Yes, pdbedit on an AD DC is a full view of the sam.ldb database.

Andrew Bartlett

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba