[Samba] Directly setting unicodePwd - better type of hash?

Edward Graham smbq21 at outlook.com
Thu Jan 5 12:18:02 UTC 2023

It works for us without problems. We would like to improve security though, so I'm looking for information whether it's possible to use different hash in samba.
Od: samba <samba-bounces at lists.samba.org> za uživatele Rowland Penny via samba <samba at lists.samba.org>
Odesláno: čtvrtek 5. ledna 2023 12:15
Komu: samba at lists.samba.org <samba at lists.samba.org>
Kopie: Rowland Penny <rpenny at samba.org>
Předmět: Re: [Samba] Directly setting unicodePwd - better type of hash?

On 05/01/2023 10:13, Edward Graham via samba wrote:
> Hi,
> we sync our password from other system by directly setting unicodePwd in samba database file. We would like to drop the insecure hash stored in other system and replace it with something newer and more robust.
> Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap  says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this.
> Is it possible set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (simillar to ldap)?
> Thanks

Sorry, but you are supposed to sync from AD to other systems, I do not
think it will work the other way around.

Tranqui-it provides a script to sync passwords, have a search on their site.


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list