Machine password encrypted by admin password in SP3?

Jeremy Allison jallison at
Tue Apr 21 23:26:58 GMT 1998

Paul Ashton wrote:
> Paul Leach says (I think) that from SP3 when a workstation joins a
> domain from the client side, i.e. "use this account to add machine
> to domain", it will encrypt a new random machine password instead of
> setting it to the default (hostname in unicode). Can someone
> confirm this as it has implications for a Samba PDC.

Done the experiment (last night in fact). Paul Leach 
is wrong. It still leaves the lame password (hostname
in unicode) as the secret.

Yes, I'm afraid the only way to securely add a NT machine
to a domain is to do it on a private net. I have actually
been spending a significant amount of time trying to
get around this hideous security hole and still
interoperate with an NT PDC with the Samba domain client


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-ntdom mailing list