[Samba] Google Apps Directory Sync Password Attribute

Andrew Bartlett abartlet at samba.org
Tue Feb 11 16:50:56 MST 2014

On Tue, 2014-02-11 at 16:10 +0800, Shem Pasamba wrote:
> Hello,
> I'm trying to synchronize users with samba4 and Google apps using Google 
> Apps Directory Sync. It's asking me to enter the user Password 
> attribute. May I know what attribute does samba4 use to store user 
> passwords? Also, what hash does it use? SHA1? or MD5? I imported the 
> users using pdbedit.

We don't currently store something compatible, and even after users
change their password with Samba as an AD DC, the only thing we can
offer is to store the plaintext password (a poor compromise).  I would
welcome a patch to store such a password in the userPassword field, if

The password in unicodePwd is the NT hash, ie md4(utf16(pw)).


Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list