[Samba] Provision new domain keeping users and passwords

Andrew Bartlett abartlet at samba.org
Wed Mar 29 19:18:30 UTC 2017

On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> The users password is stored in an hidden attribute which is supposed
> to be unreadable, but you can read it on a Samba DC, but it is
> heavily
> encoded. You may be able to obtain some of the users password with
> pdbedit, but can you get them all ?

To be clear, by design pdbedit can obtain all the unicodePwd values
(the NT hash) for users in the domain.  For clarity this is the same
underlying value as the sambaNTPassword in traditional 'Samba3' domains
using LDAP.

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list