security=domain bombs
Gerald Carter
cartegw at Eng.Auburn.EDU
Fri May 22 17:23:03 GMT 1998
Jeremy Allison wrote:
>
> No, this is wrong. If you do this everything
> will break. The MACHINE.SID contains the
> ascii text of what used to be in the 'domain sid'
> parameter in smb.conf - ie. a string like
>
> S-1-21-123-456-789
Oops. Sorry.
> - it gets randomly generated the first time
> any smbd starts up if it doesn't exist, and
> *never* changes once created (it's the machine
> 'identity' - just like an NT machine SID).
>
> The private/DOMAIN.MACHINENAME.mac file is
> the machine password file, that must exist
> if security=domain is set in smb.conf.
>
> This file is created when you join the
> domain using smbpasswd - first add the
> Samba machine to the NT domain on the PDC
> (if it's a Samba PDC using smbpasswd -a -m
> as usual, if it's an NT PDC using server
> manager for domains), and then on the
> machine joining the domain type add the
> pdc name as the first entry in the
> 'password server' list and then type
> (as root) :
>
> smbpasswd -j <DOMAINNAME>
I missed this part.
> This will create the private/DOMAIN.MACHINENAME.mac
> file that contains the machine password for
> this domain.
>
> I know this is confusing, I need to write a
> document on this but don't have the time
> right now (soon, I promise).
>
You want me to add it to the NTDOM FAQ?
jerry "yes-I-am-braindead-today" carter
________________________________________________________________________
Gerald ( Jerry ) Carter
Engineering Network Services Auburn University
jerry at eng.auburn.edu http://www.eng.auburn.edu/users/cartegw
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
More information about the samba-ntdom
mailing list