Update: Machine accounts invalid

Jeremy Allison jallison at whistle.com
Thu May 21 16:53:23 GMT 1998

Kevin Currie wrote:

>         Well, smbpasswd reads the smb.conf file, how about just having the
> "machine reset users = " parameter be interpreted by smbpasswd so that
> non-root users can reset the machine (and only machine) account passwords?

We can't do that as it would be the biggest security
hole this side of the buffer overrun problem in Samba
1.9.17p1 and all previous versions :-).

If anyone could do that I could write code that would
allow anyone sniffing the network to get plaintext
equivalent passwords from the next user who logs onto
that NT workstation (come to think of it I could do
that anyway, but this makes it even easier, as you
can select a machine target and force it at a particular
time :-).


Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.

More information about the samba-ntdom mailing list