machine account
Luke Kenneth Casson Leighton
lkcl at switchboard.net
Thu Mar 25 16:27:01 GMT 1999
On Thu, 25 Mar 1999, Matthew Kirkwood wrote:
> On Fri, 26 Mar 1999, Luke Kenneth Casson Leighton wrote:
>
> > > I joined my workstation like "smbpasswd -a -m workstation_name" and I
> > > can switch to samba domain. If I want to switch a second time to samba
> > > domain I have to do "smbpasswd -a -m workstation_name" again.
>
> I saw this at various times (though I haven't played with HEAD for a
> while).
>
> > > If I try to switch to samba domain with administrator/password, I get
> > > a message that I haven't enougth privileges. Is it a fault or not
> > > supported (samba 2.1.0).
> >
> > what a TOTAL waste of time. you're NOT going to believe this, but when
> > you decode the password from when you type in admin/password, it's the
> > workstation name in lower case.
>
> Maybe I parsed that wrong, but are you saying that when you add a domain
you did.
> account (machine account, whatever) from a client machine,
correct up to here.
> it can't verify that you entered a correct admin password?
this bit's incorrect. yes of course it [the pdc] can, it's the pdc, so it
must have the admin username / password.
> Or at least that this check isn't done on the server end?
only if you decide not to implement this check. and both samba and nt
implement this check.
the _workstation_ password is encrypted (and i guessed how it's done) and
the workstation password, when decrypted, is a well-known value.
More information about the samba-ntdom
mailing list