[Samba] Format of LSA Secret for Interdomain Trust Password

Andrew Bartlett abartlet at samba.org
Fri Jul 12 10:32:12 GMT 2002

David Boynton wrote:
> Hello, all!
> Let's say, hypothetically, that one was trying to migrate a NT4 domain to
> Samba without the knowledge of the NT admin of a domain you trusted. :)
> Basically, what I need is the password for my trust account, but it's in
> some obfuscated hash under the G$$xxxxx secret.  Does anybody know how this
> is stored, or am I down to sniffing network traffic?

Are you sure its an obfusticated hash?  Are you sure its not just the

I would connect with some of the Samba-TNG tools and try and get back
the hash.  However, thats only half the story ;-).  Samba doesn't
support trusted domains anyway - and neither really does Samba-TNG -
both at the very least require that you hand-create the accounts in
/etc/passwd for the trusted domain.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net

More information about the samba mailing list