machine passwd
tschweikle at FIDUCIA.de
tschweikle at FIDUCIA.de
Fri Sep 17 13:22:56 GMT 1999
Sebastien Corriveau wrote:
> "Wingate, Steve [IBM NON J&J]" wrote:
>>
>> I read an article in a recent Windows NT magazine stating that computers
>> change their own domain computeraccount password every 7 days. Disconnecting
>> a machine (laptop user for example) from the domain for longer than this
>> period can cause login errors. I can't recall the exact error but something
>> along the lines of 'computer trust account being broken or no longer
>> established'.
>
> Yes and no. NT PDC negotiate a new computeraccount password every 7 days
> with all NT domain members. However, if the workstation is not accessible
> the password will not be changed and the laptop (in your example) will still
> be able to connect with the PDC the next time.
This is the way NT does it. If password negotiation fails it will be done next
time you connect to the lan. But there was an error in one of M$ hotfixes
causing the PDC to change the password nevertheless. Rendering it impossible
to logon, until an admin put your box back into the domain. This shouldn't be
seen anymore since SP #3 as far as i know.
> Suppose your your company closes for 2 weeks during summer. You don't want
> to re-establish every trust relationship between the PDC and it's members.
>
>> Steve Wingate, MCSE
>
> I'm not a MCSE but I think I'm right on that. Please tell me if I'm not.
--
ThomasFrom tschweikle at FIDUCIA.de Fri Sep 17 13:23:40 1999
Received: from snoopy.nic.fiducia.de ([195.200.32.17]:1819 "EHLO convert rfc822-to-8bito
snoopy.nic.fiducia.de") by samba.anu.edu.au with ESMTP
id <S12865069AbPIQNXb>; Fri, 17 Sep 1999 23:23:31 +1000
Received: from FIDUCIA.DE ([10.253.218.1]) by snoopy.nic.fiducia.de
(Netscape Messaging Server 3.5) with SMTP id 310
for <Samba-Ntdom at Samba.Org>; Fri, 17 Sep 1999 15:22:41 +0200
Received: by FIDUCIA.DE (Soft-Switch LMS 3.2) with snapi via NOTES
id 0057540001681288; Fri, 17 Sep 1999 15:22:54 +0200
From: tschweikle at FIDUCIA.de
To:
" - *Samba-Ntdom at Samba.Org" <Samba-Ntdom at Samba.Org>
Subject: Re: machine passwd
Message-ID: <0057540001681288000002L482*@MHS>
Date: Fri, 17 Sep 1999 15:22:54 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8BIT
Content-Disposition: inline
Return-Path: <tschweikle at FIDUCIA.de>
X-Orcpt: rfc822;Samba-Ntdom at Samba.Org
Sebastien Corriveau wrote:
> "Wingate, Steve [IBM NON J&J]" wrote:
>>
>> I read an article in a recent Windows NT magazine stating that computers
>> change their own domain computeraccount password every 7 days. Disconnecting
>> a machine (laptop user for example) from the domain for longer than this
>> period can cause login errors. I can't recall the exact error but something
>> along the lines of 'computer trust account being broken or no longer
>> established'.
>
> Yes and no. NT PDC negotiate a new computeraccount password every 7 days
> with all NT domain members. However, if the workstation is not accessible
> the password will not be changed and the laptop (in your example) will still
> be able to connect with the PDC the next time.
This is the way NT does it. If password negotiation fails it will be done next
time you connect to the lan. But there was an error in one of M$ hotfixes
causing the PDC to change the password nevertheless. Rendering it impossible
to logon, until an admin put your box back into the domain. This shouldn't be
seen anymore since SP #3 as far as i know.
> Suppose your your company closes for 2 weeks during summer. You don't want
> to re-establish every trust relationship between the PDC and it's members.
>
>> Steve Wingate, MCSE
>
> I'm not a MCSE but I think I'm right on that. Please tell me if I'm not.
--
More information about the samba-ntdom
mailing list