[Samba] Directly setting unicodePwd - better type of hash?

Edward Graham smbq21 at outlook.com
Thu Jan 5 10:13:49 UTC 2023


Hi,

we sync our password from other system by directly setting unicodePwd in samba database file. We would like to drop the insecure hash stored in other system and replace it with something newer and more robust.

Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap  says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this.

Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)?

Thanks



More information about the samba mailing list