Hello list,

What kind of hashing/encryption does samba4 ADDC use for user passwords? base64?

Thanks!

--
Elias Pereira

On 08/10/2019 12:27, Elias Pereira via samba wrote:
> Hello list,
>
> What kind of hashing/encryption does samba4 ADDC use for user passwords? base64?
>
> Thanks!
>

Basically yes, but it is a bit more involved; to create an AD user's password in bash, you would have to do something like this:

UNICODEPW=$(echo -n "\"$PASSWORD\"" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0)

Rowland

On Tue, Oct 8, 2019, 07:45 Rowland penny via samba <samba at lists.samba.org> wrote:
> On 08/10/2019 12:27, Elias Pereira via samba wrote:
> > Hello list,
> >
> > What kind of hashing/encryption does samba4 ADDC use for user passwords? base64?
>

Base64 is neither a hash nor an encryption algorithm; it is an encoding.

> > Thanks!
> >
> Basically yes, but it is a bit more involved; to create an AD user's
> password in bash, you would have to do something like this:
>
> UNICODEPW=$(echo -n "\"$PASSWORD\"" | iconv -f UTF-8 -t UTF-16LE | base64 -w 0)
>

Where is this scheme applied? Are you saying Samba stores plaintext passwords in the database?

Jonathon

On Tue, 2019-10-08 at 08:27 -0300, Elias Pereira via samba wrote:
> Hello list,
>
> What kind of hashing/encryption does samba4 ADDC use for user passwords? base64?

The easiest to sync in is the unicodePwd attribute, which is md4(utf16-le(password)).

We also store other Kerberos password hash values, but unicodePwd is what folks use when trying to do manual syncing.

Take care that when playing this game you need to remove supplementalCredentials or the passwords used by modern Kerberos will get out of sync.

Andrew Bartlett

--
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          https://catalyst.net.nz/services/samba