weejock at ferret.lmh.ox.ac.uk
Thu Mar 25 16:55:13 GMT 1999
On Thu, 25 Mar 1999, Luke Kenneth Casson Leighton wrote:
> > > what a TOTAL waste of time. you're NOT going to believe this, but when
> > > you decode the password from when you type in admin/password, it's the
> > > workstation name in lower case.
> > Maybe I parsed that wrong, but are you saying that when you add a domain
> you did.
Thank god for that :)
> > account (machine account, whatever) from a client machine,
> correct up to here.
> > it can't verify that you entered a correct admin password?
> this bit's incorrect. yes of course it [the pdc] can, it's the pdc, so it
> must have the admin username / password.
My original reading suggested that you meant the client didn't even /send/
the admin password, but used an encrypted machine name instead.
> > Or at least that this check isn't done on the server end?
> only if you decide not to implement this check. and both samba and nt
> implement this check.
> the _workstation_ password is encrypted (and i guessed how it's done) and
> the workstation password, when decrypted, is a well-known value.
Still brain-dead, but not quite so bad... :)
More information about the samba-ntdom