machine account
Matthew Kirkwood
weejock at ferret.lmh.ox.ac.uk
Thu Mar 25 16:55:13 GMT 1999
On Thu, 25 Mar 1999, Luke Kenneth Casson Leighton wrote:
> > > what a TOTAL waste of time. you're NOT going to believe this, but when
> > > you decode the password from when you type in admin/password, it's the
> > > workstation name in lower case.
> >
> > Maybe I parsed that wrong, but are you saying that when you add a domain
>
> you did.
Thank god for that :)
> > account (machine account, whatever) from a client machine,
>
> correct up to here.
>
> > it can't verify that you entered a correct admin password?
>
> this bit's incorrect. yes of course it [the pdc] can, it's the pdc, so it
> must have the admin username / password.
My original reading suggested that you meant the client didn't even /send/
the admin password, but used an encrypted machine name instead.
> > Or at least that this check isn't done on the server end?
>
> only if you decide not to implement this check. and both samba and nt
> implement this check.
Good.
> the _workstation_ password is encrypted (and i guessed how it's done) and
> the workstation password, when decrypted, is a well-known value.
Still brain-dead, but not quite so bad... :)
Matthew.
More information about the samba-ntdom
mailing list