question about machine hostid in smbpasswd Samba 2.0.6a

Simo Sorce simo.sorce at polimi.it
Fri Aug 4 15:03:33 GMT 2000


Paul J Collins wrote:
> 
> >>>>> "Simo" == Simo Sorce <simo.sorce at polimi.it> writes:
> 
>     Simo> "Melissa M. Thrush" wrote:
>     >>
>     >> I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box.  It's been
>     >> working fine and I have machines added to the smbpasswd by using
>     >> the "smbpasswd -a -m" command.  Recently I installed a new "pc image" (OS,
>     >> apps, etc.) onto a pc that had been working as a member of the domain.
>     >> When the new image was installed however, a user could no longer log into
>     >> the domain from this pc.  I had to readd the machine to the smbpasswd file
>     >> even though it already was there.
>     >>
>     >> My question, is the encrypted smbpasswd hash comprised somehow of the
>     >> machine's hostid (serial number)?  Because when I install a new "pc image"
>     >> the new image has a different "serial number/hostid" than the previous
>     >> image.
>     >>
> 
>     Simo> We used the same method there with ghost software principally.
>     Simo> We have to readd machines also to Win Domains because of machine
>     Simo> passwords.
>     Simo> By default machine passwords are changed every week, so an image older
>     Simo> than a week fails its authentication because of the wrong password.
>     Simo> Passwords are changed by the client and I do not know any way to avoid
>     Simo> it.
> 
> To the best of my knowledge, this is initiated by the server, and
> there is an smb.conf setting to change the interval (this came up when
> TNG's password changing didn't work).

I'm not sure, I think it is changed by the machine.

> 
> In any case, you're going to have to change the machine name of the
> image, so you'll have to recreate the machine account.
> 
>     Simo> A way to not have the machine rejoin a sambaPDC server may
>     Simo> be to save the smbpasswd entry when you make the machine
>     Simo> image and restore this entry when you install back that
>     Simo> image, this is untested anyway, but.
> 
> Er, when you image the machine, all record of the domain it was in
> will be lost, including the current machine account password.  There
> is probably a way to put the password back in the machine's LSA
> secrets, but is it really worth the bother?

You're wrong.
With ghost I make a physical image of the machine and all the data,
registry and whatever you want is preserved. It is a perfect snapshot.
So saving the smbpasswd entry you should have everything you need
anyway.

> 
> It's also strongly recommended that you use NewSID or similar to
> assign a new machine SID before you join an imaged machine to a
> domain.  (I sincerely hope your image is not of a domain member
> machine!)  If you don't, workgroup security breaks down, and if you
> wind up using Windows 2000 Server, it'll cause problems there too
> (possibly only with Active Directory-based installations, but I don't
> know).
> 
> This is all a tad messy, hope it makes sense.
> 
> --
> Paul Collins <pjdc at eircom.net> - - - - - - - [ A&P,a&f ]
>  GPG: 0A49 49A9 2932 0EE5 89B2  9EE0 3B65 7154 8131 1BCD
>  PGP: 88BA 2393 8E3C CECF E43A  44B4 0766 DD71 04E5 962C
> "Cover up and say goodnight... say goodnight."

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!


More information about the samba-ntdom mailing list