Hello, I'm trying to synchronize users with samba4 and Google apps using Google Apps Directory Sync. It's asking me to enter the user Password attribute. May I know what attribute does samba4 use to store user passwords? Also, what hash does it use? SHA1? or MD5? I imported the users using pdbedit. Thank you in advance. Sincerely, Windell Shem Pasamba
I've the plan to deploy this myself... Please share your experience when done :) Thank you in advance. On Tue, Feb 11, 2014 at 4:10 PM, Shem Pasamba <shemgp at aiias.edu> wrote:> Hello, > > I'm trying to synchronize users with samba4 and Google apps using Google > Apps Directory Sync. It's asking me to enter the user Password attribute. > May I know what attribute does samba4 use to store user passwords? Also, > what hash does it use? SHA1? or MD5? I imported the users using pdbedit. > > Thank you in advance. > > Sincerely, > > Windell Shem Pasamba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Andrew Bartlett
2014-Feb-11 23:50 UTC
[Samba] Google Apps Directory Sync Password Attribute
On Tue, 2014-02-11 at 16:10 +0800, Shem Pasamba wrote:> Hello, > > I'm trying to synchronize users with samba4 and Google apps using Google > Apps Directory Sync. It's asking me to enter the user Password > attribute. May I know what attribute does samba4 use to store user > passwords? Also, what hash does it use? SHA1? or MD5? I imported the > users using pdbedit.We don't currently store something compatible, and even after users change their password with Samba as an AD DC, the only thing we can offer is to store the plaintext password (a poor compromise). I would welcome a patch to store such a password in the userPassword field, if enabled. The password in unicodePwd is the NT hash, ie md4(utf16(pw)). Sorry, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba