smbpasswd question

Luke Kenneth Casson Leighton lkcl at
Tue Jun 2 13:08:02 GMT 1998

dear norman,

yes you can ignore the LM hash: at the minimum you must support the NT

i recommend that you follow the "password API needed" and associated
threads on:

as we are developing a password API.  i recommend that you contact danny
breiss, as he is developing a prototype of the clear-text password API;
the encrypted password API already exists and is in passdb.c.

small note, big hint: the passdb.c API should have _nothing_ to do with
the UNIX getpwnam() call or its entries.  the minimum information that
must be stored is:

- username
- NT 16-byte hash
- 16-bit ACB account type

please contact me either privately or preferably via
samba-technical at if you need any assistance: we are
actively seeking to support as many password database systems as possible.

best regards,


On Tue, 2 Jun 1998, NoRM wrote:

> I'm looking at porting the NT Domain samba to our rather specific
> environment.  We have a centralised user database, much like Kerberos, and
> I have in the past ported Samba to use our system, rather than the
> standard shadow passwd file without problems.
> Now, with the advent of encrypted passwords, we have a problem.  We've
> decided to try and augment our central database with a second passwd
> field, to store the hashed passwords as used by NT (in my test system, I
> simply system() call smbpasswd from the password changer).
> However, when looking at it in more depth, there are two entries in the
> smbpasswd file...
> Can I ask under which circumstances each is used?  I.E. can I get away
> with ignoring one of the two algorithms?
> Norman R. McBride                     
> Computing Services, City University, England          norm at (MIME)
> "...the extreme case best illustrates the norm..."              Stephen King

More information about the samba-ntdom mailing list