Initial testing
Tavis Barr
tavis at mahler.econ.columbia.edu
Thu May 14 21:55:28 GMT 1998
On Thu, 14 May 1998, Gerald Carter wrote:
> > It has to be "smbpasswd -a -m HOLLAND", no? [vs. holland in lower
> > case -- TB] Let me know if I'm wrong; I'm still having trouble with
> > the machine passwords.
>
> Shouldn't matter. I haven't verified this in the source though. Am
> working on another problem right now. The smbpasswd program should
> insulate you from case anyways.
Actually, I just tried it and it does. It checks /etc/passwd, finds out
that there is no machine named workstation$, and exits. On the other
hand, if you add workstation$ to the /etc/passwd file, then it adds
workstation$ in lower case to the smbpasswd file. From what I
understand, the machine name has to be in upper case, and the password in
lower case -- but then I keep getting these machine password invalid
errors on the NT end, so I'm hardly one to know.
> > Also, can someone explain the file DOMAIN.MACINE.mac file in the
> > private directory? There's a reference to it in the nmb log, but I
> > can't find any documentation on it. Do I need to configure it to have
> > NT4 machine accounts? What's the format?
>
> Do you mean private/MACHINE.SID? This is the domain SID generated
> randomly if one has not been specified in smb.conf. After generation,
> this file is consulted rather than the smb.conf parameter. It's
> something Jeremy is currently working on. No docs yet. There was a
> message about that file recently though from Jeremy. Check the
> archives.
I take it back. It's no longer in the new version. My machines are now
failing because I get errors like this for the domain server MARKOV when
I try to connect workstations to the domain:

Domain=[SOCIOLOGY] NativeOS=[Windows NT 1381] NativeLanMan=[]
sesssetupX:name=[tavis]
get_trust_account_password: Malformed trust password file (wrong length).
domain_client_validate: unable to read the machine account password for
machine MARKOV in domain SAMBADC.

Nevertheless there is an entry for MARKOV$ in my smbpasswd file:

MARKOV$:65534:F97C0A62568073BCAAD3B435B51404EE:E4367877FC5AF99CD2137B5\
B389C9965:[W]:LCT-355B62AF:

[user 65534 is nobody]

What is even more disturbing is that I can use smbclient to connect to
this service ('\\markov\MARKOV$' -U MARKOV$ , password markov) if there
is a valid home directory in the Unix password file. Maybe this
loophole is too obvious to worry about but it didn't occur to me as I
was putting these entries in my /etc/passwd file -- or rather because I
didn't understand at first what I was doing I wasn't sure if the accounts
would need a home directory. It would be nice if there were
something in smbd that didn't allow [homes] logons for machine accounts.
Well this is rambling....
Cheers,
Tavis
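
An added example, not part of the original message or of Samba's own code: a small audit for the [homes] concern raised above, listing machine accounts in an smbpasswd file whose Unix passwd entry points at an existing home directory. The account names, paths and all-zero hashes are constructed sample data, and the function names are hypothetical; the field layout follows the MARKOV$ entry quoted in the message.

```python
import os
# Constructed sample data (not from the post). Field layout follows the
# smbpasswd entry quoted above: name:uid:LMhash:NThash:[flags]:LCT-time:
FAKE = "0" * 32
SAMPLE_SMBPASSWD = (
    f"MARKOV$:65534:{FAKE}:{FAKE}:[W]:LCT-00000000:\n"
    f"HOLLAND$:65534:{FAKE}:{FAKE}:[W]:LCT-00000000:\n"
    f"tavis:1001:{FAKE}:{FAKE}:[U]:LCT-00000000:\n"
)
SAMPLE_PASSWD = (
    "markov$:x:65534:65534:machine:/home/markov:/bin/sh\n"
    "holland$:x:65534:65534:machine:/dev/null:/bin/false\n"
    "tavis:x:1001:100:Tavis:/home/tavis:/bin/sh\n"
)

def parse_smbpasswd(text):
    """Yield (name, flags) for each well-formed smbpasswd line."""
    for line in text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 5:
            continue  # comment, blank or malformed line
        yield fields[0], fields[4].strip("[] ")

def parse_passwd(text):
    """Map Unix login name -> home directory from passwd-format text."""
    homes = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 7:
            homes[fields[0]] = fields[5]
    return homes

def machine_accounts_with_home(smbpasswd_text, passwd_text, home_exists=os.path.isdir):
    """Return [(account, home)] for machine accounts whose Unix home exists."""
    homes = parse_passwd(passwd_text)
    findings = []
    for name, flags in parse_smbpasswd(smbpasswd_text):
        if not (name.endswith("$") or "W" in flags):
            continue  # ordinary user account
        # The post notes the Unix-side name may be lower case, so try both.
        home = homes.get(name) or homes.get(name.lower())
        if home and home_exists(home):
            findings.append((name, home))
    return findings

if __name__ == "__main__":
    for acct, home in machine_accounts_with_home(
            SAMPLE_SMBPASSWD, SAMPLE_PASSWD, lambda p: p.startswith("/home/")):
        print(f"{acct}: home {home} exists; review [homes] access")
```

To audit a live system, pass the contents of the real smbpasswd and /etc/passwd files and leave `home_exists` at its default, which checks the directory on disk.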