machine account

Luke Kenneth Casson Leighton lkcl at
Thu Mar 25 16:27:01 GMT 1999

On Thu, 25 Mar 1999, Matthew Kirkwood wrote:

> On Fri, 26 Mar 1999, Luke Kenneth Casson Leighton wrote:
> > > I joined my workstation like "smbpasswd -a -m workstation_name" and I
> > > can switch to samba domain.  If I want to switch a second time to samba
> > > domain I have to do "smbpasswd -a -m workstation_name" again.
> I saw this at various times (though I haven't played with HEAD for a
> while).
> > > If I try to switch to samba domain with administrator/password, I get
> > > a message that I haven't enougth privileges. Is it a fault or not
> > > supported (samba 2.1.0).
> >
> > what a TOTAL waste of time.  you're NOT going to believe this, but when
> > you decode the password from when you type in admin/password, it's the
> > workstation name in lower case.
> Maybe I parsed that wrong, but are you saying that when you add a domain

you did.

> account (machine account, whatever) from a client machine,

correct up to here.

> it can't verify that you entered a correct admin password?

this bit's incorrect.  yes of course it [the pdc] can, it's the pdc, so it
must have the admin username / password.
> Or at least that this check isn't done on the server end?

only if you decide not to implement this check.  and both samba and nt
implement this check.

the _workstation_ password is encrypted (and i guessed how it's done) and
the workstation password, when decrypted, is a well-known value.

More information about the samba-ntdom mailing list