[Samba] Samba AD DC without the unsalted NT hash

Andrew Bartlett abartlet at samba.org
Sat Jul 29 19:52:18 UTC 2023

On Sat, 2023-07-29 at 16:59 +0100, Rowland Penny via samba wrote:
> On 29/07/2023 16:47, Reese Wang via samba wrote:
> > Thanks. I'm wondering if I can avoid storing NT-hash (that unsalted
> > MD4) of user passwords, and still be able to join a Windows Server
> > 2022 server to the domain, and authenticate users with samba.
> > 
> > Maybe I should read some documentation and open another thread.
> > 
> I take it that by '2022 server', you mean a member server rather than 
> some form of DC, if so, then yes, it should work.
> Rowland

Yes, this is a new feature in Samba 4.17

See "Operation without the unsalted NT hash" in the WHATSNEW linked
above for the details and limitations.

Andrew Bartlett
Andrew Bartlett (he/him) https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba

More information about the samba mailing list