[Samba] Provision new domain keeping users and passwords
ssjeanderson at gmail.com
Wed Mar 29 21:18:03 UTC 2017
2017-03-29 16:42 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Thu, 30 Mar 2017 08:18:30 +1300
> Andrew Bartlett <abartlet at samba.org> wrote:
> > On Wed, 2017-03-29 at 15:06 +0100, Rowland Penny via samba wrote:
> > > The users password is stored in an hidden attribute which is
> > > supposed to be unreadable, but you can read it on a Samba DC, but
> > > it is heavily
> > > encoded. You may be able to obtain some of the users password with
> > > pdbedit, but can you get them all ?
> > To be clear, by design pdbedit can obtain all the unicodePwd values
> > (the NT hash) for users in the domain. For clarity this is the same
> > underlying value as the sambaNTPassword in traditional 'Samba3'
> > domains using LDAP.
> > Andrew Bartlett
> Yes, but will all the AD users be in the pdbedit database ?
> # pdbedit -L | wc -l
# samba-tool user list | wc -l
It's giving me more!
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba