passwords S4

Stefan (metze) Metzmacher metze at
Fri Dec 9 08:18:26 MST 2011

Am 09.12.2011 16:03, schrieb Jelmer Vernooij:
> Am 09/12/11 15:02, schrieb Collen:
>> i'm trying to make a dump of the passwords (and user accounts) in samba4
>> i can dump them with ldbsearch and unicodePwd
>> in what format is the unicodePwd ? i thought it was base64 + utf16le
> It'll give you the NT password hash, not a plaintext password. ldbsearch
> outputs binary data it in base64 by default.
>> but decoding base64 and converting with iconv gives me nothing (an error)
>> how can i dump the password, and convert it to something useable ?
> The plaintext password isn't stored unless you have a clearTextPassword
> attribute.

If you have the DOMAIN_PASSWORD_STORE_CLEARTEXT (0x10) bit set in
of the domain object and an account has the
bit set in userAccountControl, the cleartext utf16le password is stored
of the supplementalCredentials blob.

There's currently no easy way to get back the cleartext password,
but I'm working on it.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the samba-technical mailing list