[Samba] samba password hashes exposed to ldapsearch

Charlie medievalist at gmail.com
Mon Jul 28 23:59:19 GMT 2008


> Is there a way to also hide the Samba password hashes without breaking
> Samba functionality?  Say, by using some LDAP rights-management tool to
> limit access to these attributes to certain accounts.  Or does Samba require
> these hashes to be generally readable?

A properly configured LDAP server will not allow anything but the
Samba daemons to read Windows hashes; they are plaintext password
equivalent since they can be cracked quite trivially with freely
downloadable tools.

Do not send your password hashes over an unencrypted network
connection, for the same reason.

--Charlie
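
One way to check the point made in the reply above, as an added example that is not part of the original post: a small audit script that reads LDIF (as printed by `ldapsearch` when bound as an unprivileged or anonymous user) and reports which entries still reveal Samba hash attributes. The attribute names come from Samba's LDAP schema; the sample LDIF, the DNs and the function names are constructed for illustration.

```python
import re

# Samba schema attributes that hold password-equivalent material.
SENSITIVE = {"sambantpassword", "sambalmpassword", "sambapasswordhistory"}

# Constructed sample: what an unprivileged search returns when ACLs are too loose.
# Hash values are all-zero placeholders, not real hashes.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: alice
sambaNTPassword: 00000000000000000000000000000000

dn: uid=bob,ou=People,dc=example,
 dc=org
objectClass: sambaSamAccount
uid: bob
sambaLMPassword:: MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA=

dn: uid=carol,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
uid: carol
"""

def unfold(text):
    """Join LDIF continuation lines (a leading single space continues the previous line)."""
    return re.sub(r"\r?\n ", "", text)

def exposed_hashes(ldif_text):
    """Return {dn: sorted attribute names} for entries that reveal Samba hash attributes."""
    findings = {}
    for block in re.split(r"\r?\n\s*\r?\n", unfold(ldif_text).strip()):
        dn, attrs = None, set()
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            # Attribute name is everything before the first ':' minus any ';option'.
            name = line.split(":", 1)[0].split(";", 1)[0].strip()
            if name.lower() == "dn":
                dn = line.split(":", 1)[1].lstrip(": ").strip()
            elif name.lower() in SENSITIVE:
                attrs.add(name)  # record the attribute name only, never the value
        if dn and attrs:
            findings[dn] = sorted(attrs)
    return findings

if __name__ == "__main__":
    import sys
    text = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    for dn, attrs in exposed_hashes(text).items():
        print(f"EXPOSED {dn}: {', '.join(attrs)}")
```

Pipe the output of a search made with a non-Samba account against your own directory into the script; with correct access controls in place it prints nothing.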

