machine account

Matthew Kirkwood weejock at
Thu Mar 25 16:55:13 GMT 1999

On Thu, 25 Mar 1999, Luke Kenneth Casson Leighton wrote:

> > > what a TOTAL waste of time.  you're NOT going to believe this, but when
> > > you decode the password from when you type in admin/password, it's the
> > > workstation name in lower case.
> > 
> > Maybe I parsed that wrong, but are you saying that when you add a domain
> you did.

Thank god for that :)

> > account (machine account, whatever) from a client machine,
> correct up to here.
> > it can't verify that you entered a correct admin password?
> this bit's incorrect.  yes of course it [the pdc] can, it's the pdc, so it
> must have the admin username / password.

My original reading suggested that you meant the client didn't even /send/
the admin password, but used an encrypted machine name instead.

> > Or at least that this check isn't done on the server end?
> only if you decide not to implement this check.  and both samba and nt
> implement this check.


> the _workstation_ password is encrypted (and i guessed how it's done) and
> the workstation password, when decrypted, is a well-known value.

Still brain-dead, but not quite so bad... :)


More information about the samba-ntdom mailing list