[Samba] Provision new domain keeping users and passwords
Andrew Bartlett
abartlet at samba.org
Wed Mar 29 19:18:30 UTC 2017
On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> The users password is stored in an hidden attribute which is supposed
> to be unreadable, but you can read it on a Samba DC, but it is
> heavily
> encoded. You may be able to obtain some of the users password with
> pdbedit, but can you get them all ?
To be clear, by design pdbedit can obtain all the unicodePwd values
(the NT hash) for users in the domain. For clarity this is the same
underlying value as the sambaNTPassword in traditional 'Samba3' domains
using LDAP.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list