[Samba] Directly setting unicodePwd - better type of hash?
Rowland Penny
rpenny at samba.org
Thu Jan 5 11:15:19 UTC 2023
On 05/01/2023 10:13, Edward Graham via samba wrote:
> Hi,
>
> we sync our password from other system by directly setting unicodePwd in samba database file. We would like to drop the insecure hash stored in other system and replace it with something newer and more robust.
>
> Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this.
>
> Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)?
>
> Thanks
>
Sorry, but you are supposed to sync from AD to other systems, I do not
think it will work the other way around.
Tranqui-it provides a script to sync passwords, have a search on their site.
Rowland
More information about the samba
mailing list