[Samba] user password hash

Rowland penny rpenny at samba.org
Tue Oct 8 12:04:07 UTC 2019


On 08/10/2019 12:53, Jonathon Reinhart wrote:
>
>
> On Tue, Oct 8, 2019, 07:45 Rowland penny via samba 
> <samba at lists.samba.org <mailto:samba at lists.samba.org>> wrote:
>
>     On 08/10/2019 12:27, Elias Pereira via samba wrote:
>     > hello list,
>     >
>     > What kind of hashing/encryption samba4 ADDC uses for user
>     passwords? base64?
>
>
> Base64 is neither a hash nor an encryption algorithm; it is an encoding.
That is why I said 'basically' ;-)
>
>     >
>     > Thanks!
>     >
>     Basically yes, but it is a bit more involved, to create an AD users
>     passwords in bash, you would have to do something like this:
>
>     UNICODEPW=$(echo -n "\"$PASSWORD\"" | iconv -f UTF-8 -t UTF-16LE |
>     base64 -w 0)
>
>
> Where is this scheme applied?
On my Hard drive ;-)
> Are you saying Samba stores plaintext passwords in the database?

No, that bit of bash turns a plain password into what you would store in 
the users 'unicodePwd' attribute.

For instance, if $PASSWORD == password , you would get 
'IgBwAGEAcwBzAHcAbwByAGQAIgA='

Rowland


>
> Jonathon





More information about the samba mailing list