[Samba] Samba AD DC without the unsalted NT hash
Andrew Bartlett
abartlet at samba.org
Sat Jul 29 19:52:18 UTC 2023
On Sat, 2023-07-29 at 16:59 +0100, Rowland Penny via samba wrote:
>
> On 29/07/2023 16:47, Reese Wang via samba wrote:
> > Thanks. I'm wondering if I can avoid storing NT-hash (that unsalted
> > MD4) of user passwords, and still be able to join a Windows Server
> > 2022 server to the domain, and authenticate users with samba.
> >
> > Maybe I should read some documentation and open another thread.
> >
>
> I take it that by '2022 server', you mean a member server rather than
> some form of DC, if so, then yes, it should work.
>
> Rowland
Yes, this is a new feature in Samba 4.17
https://www.samba.org/samba/history/samba-4.17.0.html
See "Operation without the unsalted NT hash" in the WHATSNEW linked
above for the details and limitations.
Andrew Bartlett
--
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
More information about the samba
mailing list