[Samba] Password Hash Swapping

ralph strebbing blackbirdralph at gmail.com
Thu Jul 21 14:02:13 UTC 2022

Hey All,

Got something we're trying to make work, and wondering if it's even
possible with the current state of Active Directory. A while back
(presumably when we were still running an NT Domain on Samba 3), the
company I work for built a tool to basically read the password hash of
a user, and replace it with a preset hash so we could provision user
accounts and log in as them, then revert the change when we were done
to prevent them from having to reset their password. We're looking to
do that again if possible, but with the amount of contradicting
information, and scouring the Samba code has left the conclusion of:
Don't touch the ldb files lest you want to break stuff horribly.

So I was wondering if anyone HAS done something like this with a Samba
AD environment, if maybe a tool exists to handle this type of thing,
or if there are any other general recommendations to go about what
we're trying to do.

Appreciate any advice, and thanks ahead of time.


More information about the samba mailing list