[Samba] Copy Passwords from Active Directory to Samba

Charles McLaughlin cmclaughlin at ucdavis.edu
Wed May 4 16:29:59 GMT 2005

I'm posting this for the sake of the archives...

I ended up up dumping the passwords from AD using pwdump2.exe found here:

I couldn't get 'net vampire' to work (I didn't try that hard) and MS 
doesn't allow AD passwords to be retrieved via LDAP.


On 04/14/2005 04:14 PM, John H Terpstra wrote:
> On Thursday 14 April 2005 16:42, Charles McLaughlin wrote:
>>I'm migrating from Windows 2003 Active Directory to a Samba 3 PDC and
>>would like to avoid recreating passwords for all of my users.  Is it
>>possible to copy the Windows user accounts or just the passwords from
>>the Windows box to Samba?
>>I've read about the pwdump.exe tool, but can't find any reports of it
>>working on Windows 2003 and am not sure if Active Directory stores
>>passwords in the same manner as NT.  Can anyone confirm this?
>>I'm using a tdbsam password backend.  Even if I can extract the
>>passwords from Windows, how can I add the pre-hashed password to the
>>tbsam database?
> Have you tried the 'net rpc vampire' approach? I have not and do not know if 
> it works. My question is shot from the hip.
> The other possiblility is to do an LDAP dump of the ADS directory, then rework 
> the data into a valid OpenLDAP LDIF file. That is a method that does work, at 
> least for getting the directory contents.
> - John T.

More information about the samba mailing list