[Samba] Provision new domain keeping users and passwords
Rowland Penny
rpenny at samba.org
Wed Mar 29 19:42:18 UTC 2017
On Thu, 30 Mar 2017 08:18:30 +1300
Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > The users password is stored in an hidden attribute which is
> > supposed to be unreadable, but you can read it on a Samba DC, but
> > it is heavily
> > encoded. You may be able to obtain some of the users password with
> > pdbedit, but can you get them all ?
>
> To be clear, by design pdbedit can obtain all the unicodePwd values
> (the NT hash) for users in the domain. For clarity this is the same
> underlying value as the sambaNTPassword in traditional 'Samba3'
> domains using LDAP.
>
> Andrew Bartlett
>
Yes, but will all the AD users be in the pdbedit database ?
Rowland
More information about the samba
mailing list