Web lists-archives.com

Re: [Samba] Provision new domain keeping users and passwords




On Wed, 2017-03-29 at 18:18 -0300, Jeanderson Soares wrote:
> 
> 
> 2017-03-29 16:42 GMT-03:00 Rowland Penny via samba <samba@lists.samba
> .org>:
> > On Thu, 30 Mar 2017 08:18:30 +1300
> > Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> > 
> > > On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > > > The users password is stored in an hidden attribute which is
> > > > supposed to be unreadable, but you can read it on a Samba DC,
> > but
> > > > it is heavily
> > > > encoded. You may be able to obtain some of the users password
> > with
> > > > pdbedit, but can you get them all ?
> > >
> > > To be clear, by design pdbedit can obtain all the unicodePwd
> > values
> > > (the NT hash) for users in the domain.  For clarity this is the
> > same
> > > underlying value as the sambaNTPassword in traditional 'Samba3'
> > > domains using LDAP.
> > >
> > > Andrew Bartlett
> > >
> > 
> > Yes, but will all the AD users be in the pdbedit database ?
> > 
> 
> # pdbedit -L | wc -l
> 48064
> # samba-tool user list | wc -l
> 48033
> 
> It's giving me more!

samba-tool user list omits machine and trust accounts, pdbedit shows
the whole set of accounts.

Thanks,

Andrew Bartlett


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba