[Samba] Provision new domain keeping users and passwords

Rowland Penny rpenny at samba.org
Wed Mar 29 19:42:18 UTC 2017

On Thu, 30 Mar 2017 08:18:30 +1300
Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > The users password is stored in an hidden attribute which is
> > supposed to be unreadable, but you can read it on a Samba DC, but
> > it is heavily
> > encoded. You may be able to obtain some of the users password with
> > pdbedit, but can you get them all ?
> To be clear, by design pdbedit can obtain all the unicodePwd values
> (the NT hash) for users in the domain.  For clarity this is the same
> underlying value as the sambaNTPassword in traditional 'Samba3'
> domains using LDAP.
> Andrew Bartlett

Yes, but will all the AD users be in the pdbedit database ?


More information about the samba mailing list