Machine password encrypted by admin password in SP3?
Luke Kenneth Casson Leighton
lkcl at regent.push.net
Wed Apr 22 12:49:22 GMT 1998
On Wed, 22 Apr 1998, Paul Ashton wrote:
>
> paulle at microsoft.com said:
> > You have to add the workstation to the DC _from the workstation_ by
> > specifying the name of an account with the right to create machine accounts
> > and its password. Usually, that's an admin. If you add the account at the
> > PDC (or remotely to the PDC from a workstation already in the domain) it
> > will create a well known password (the machine name) for the new machine.
> > That's not what we're talking about here.
>
> So, since in SP2 or less you didn't do this, the SP3 workstation has
> to be compatible with a non-SP3 PDC. So presumably if I'm listening
> on the wire I can forge a negative acknowledgement to the presumably
> new RPC that requests a secure machine password change, as long
> as I can reply quicker than the SP3 PDC? Then the SP3 workstation
> would end up with password=hostname?
you would be dealing with \PIPE\samr opened using NTLMSSP, paul, which
makes life a little more tricky.
More information about the samba-ntdom
mailing list