Rowland Penny
2023-Jan-05 11:15 UTC
[Samba] Directly setting unicodePwd - better type of hash?
On 05/01/2023 10:13, Edward Graham via samba wrote:
> Hi,
>
> we sync our password from other system by directly setting unicodePwd in samba database file. We would like to drop the insecure hash stored in other system and replace it with something newer and more robust.
>
> Documentation on page https://samba.tranquil.it/doc/en/samba_fundamentals/about_password_hash.html#propagating-a-password-change-from-samba-ad-to-an-openldap says "It is now possible to have new types of hashes generated when a user changes their password, such as crypt-ssha256 or crypt-ssha512", but I haven't found much info for this.
>
> Is it possible to set different kind of hash in samba's database? What would that look like? Something like '{SSHA512}XXXXXXX/XXX' (similar to ldap)?
>
> Thanks
>

Sorry, but you are supposed to sync from AD to other systems, I do not think it will work the other way around. Tranquil-it provides a script to sync passwords, have a search on their site.

Rowland
Edward Graham
2023-Jan-05 12:18 UTC
[Samba] Directly setting unicodePwd - better type of hash?
It works for us without problems. We would like to improve security though, so I'm looking for information on whether it's possible to use a different hash in samba.