Initial testing

Tavis Barr tavis at
Thu May 14 21:55:28 GMT 1998

On Thu, 14 May 1998, Gerald Carter wrote:

> > It has to be "smbpasswd -a -m HOLLAND", no? [vs. holland in lower 
> > case -- TB]  Let me know if I'm wrong; I'm still having trouble with 
> > the machine passwords. 
> Shouldn't matter.  I haven't verified this in the source though.  Am
> working on another problem right now.  The smbpasswd program should
> insulate you from case anyways.

Actually, I just tried it and it does.  It checks /etc/passwd, finds out 
that there is no machine named workstation$, and exits.  On the other 
hand, if you add workstation$ to the /etc/passwd file, then it adds 
workstation$ in lower case to the smbpasswd file.  From what I 
understand, the machine name has to be in upper case, and the password in 
lower case -- but then I keep getting these machine password invalid 
errors on the NT end, so I'm hardly one to know.

> > Also, can someone explain the file DOMAIN.MACINE.mac file in the 
> > private directory?  There's a reference to it in the nmb log, but I 
> > can't find any documentation on it.  Do I need to configure it to have 
> > NT4 machine accounts?  What's the format?
> Do you mean private/MACHINE.SID?  This is the domain SID generated
> randomly if one has not been specified in smb.conf.  After generation,
> this file is consulted rather than the smb.conf parameter.  It's
> sometying Jeremy is currently working.  No docs yet.  There was a
> message about that file recently though from jeremy.  Check the
> archives.

I take it back.  It's no longer in the new version.  My machines are now 
failing because I get errors like this for the domain server MARKOV when 
I try to connect workstations to the domain:

Domain=[SOCIOLOGY]  NativeOS=[Windows NT 1381] NativeLanMan=[]
get_trust_account_password: Malformed trust password file (wrong length).
domain_client_validate: unable to read the machine account password for 
machine MARKOV in domain SAMBADC.

Nevertheless there is an entry for MARKOV$ in my smbpasswd file:


[user 65534 is nobody]

What is even more disturbing is that I can use smbclient to connect to 
this service ('\\markov\MARKOV$' -U MARKOV$ , password markov)  if there 
is a valid home directory in the Unix password file.  Maybe this 
loophole is too obvious to worry about but it didn't occur to me as I 
was putting these entries in my /etc/passwd file-- or rather because I 
didn't understand at first what I was doing I wasn't sure if the accounts 
would need a home directory.  It would be nice if there were 
something in smbd that didn't allow [homes] logons for machine accounts. 

Well this is rambling....


More information about the samba-ntdom mailing list