table of contents
- bookworm 2:4.17.12+dfsg-0+deb12u1
- bookworm-backports 2:4.21.2+dfsg-3~bpo12+1
- testing 2:4.21.2+dfsg-3
- unstable 2:4.21.2+dfsg-4
SMBPASSWD(5) | File Formats and Conventions | SMBPASSWD(5) |
NAME¶
smbpasswd - The Samba encrypted password file
SYNOPSIS¶
smbpasswd
DESCRIPTION¶
This tool is part of the samba(7) suite.
smbpasswd is the Samba encrypted password file. It contains the username, Unix user id and the SMB hashed passwords of the user, as well as account flag information and the time the password was last changed. This file format has been evolving with Samba and has had several different formats in the past.
FILE FORMAT¶
The format of the smbpasswd file used by Samba 2.2 is very similar to the familiar Unix passwd(5) file. It is an ASCII file containing one line for each user. Each field within each line is separated from the next by a colon. Any entry beginning with '#' is ignored. The smbpasswd file contains the following information for each user:
name
uid
Lanman Password Hash
WARNING !! Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this reason these hashes are known as plain text equivalents and must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access.
NT Password Hash
This password hash is considered more secure than the LANMAN Password Hash as it preserves the case of the password and uses a much higher quality hashing algorithm. However, it is still the case that if two users choose the same password this entry will be identical (i.e. the password is not "salted" as the UNIX password is).
WARNING !!. Note that, due to the challenge-response nature of the SMB/CIFS authentication protocol, anyone with a knowledge of this password hash will be able to impersonate the user on the network. For this reason these hashes are known as plain text equivalents and must NOT be made available to anyone but the root user. To protect these passwords the smbpasswd file is placed in a directory with read and traverse access only to the root user and the smbpasswd file itself must be set to be read/write only by root, with no other access.
Account Flags
Last Change Time
All other colon separated fields are ignored at this time.
VERSION¶
This man page is part of version 4.17.12-Debian of the Samba suite.
SEE ALSO¶
smbpasswd(8), Samba(7), and the Internet RFC1321 for details on the MD4 algorithm.
AUTHOR¶
The original Samba software and related utilities were created by Andrew Tridgell. Samba is now developed by the Samba Team as an Open Source project similar to the way the Linux kernel is developed.
10/10/2023 | Samba 4.17.12-Debian |