question about machine hostid in smbpasswd Samba 2.0.6a
Simo Sorce
simo.sorce at polimi.it
Fri Aug 4 15:03:33 GMT 2000
Paul J Collins wrote:
>
> >>>>> "Simo" == Simo Sorce <simo.sorce at polimi.it> writes:
>
> Simo> "Melissa M. Thrush" wrote:
> >>
> >> I have Samba 2.0.6a working as a PDC on a Solaris 2.6 box. It's been
> >> working fine and I have machines added to the smbpasswd by using
> >> the "smbpasswd -a -m" command. Recently I installed a new "pc image" (OS,
> >> apps, etc.) onto a pc that had been working as a member of the domain.
> >> When the new image was installed however, a user could no longer log into
> >> the domain from this pc. I had to readd the machine to the smbpasswd file
> >> even though it already was there.
> >>
> >> My question, is the encrypted smbpasswd hash comprised somehow of the
> >> machine's hostid (serial number)? Because when I install a new "pc image"
> >> the new image has a different "serial number/hostid" than the previous
> >> image.
> >>
>
> Simo> We used the same method there with ghost software principally.
> Simo> We have to readd machines also to Win Domains because of machine
> Simo> passwords.
> Simo> By default machine passwords are changed every week, so an image older
> Simo> than a week fails its authentication because of a wrong password.
> Simo> Passwords are changed by the client and I do not know any way to avoid
> Simo> it.
>
> To the best of my knowledge, this is initiated by the server, and
> there is an smb.conf setting to change the interval (this came up when
> TNG's password changing didn't work).
I'm not sure, I think it is changed by the machine.
>
> In any case, you're going to have to change the machine name of the
> image, so you'll have to recreate the machine account.
>
> Simo> A way to not have the machine rejoin a sambaPDC server may
> Simo> be to save the smbpasswd entry when you make the machine
> Simo> image and restore this entry when you install back that
> Simo> image, this is untested anyway, but.
>
> Er, when you image the machine, all record of the domain it was in
> will be lost, including the current machine account password. There
> is probably a way to put the password back in the machine's LSA
> secrets, but is it really worth the bother?
You're wrong.
With ghost I make a physical image of the machine and all the data,
registry and whatever you want is preserved. It is a perfect snapshot.
So saving the smbpasswd entry you should have everything you need
anyway.
>
> It's also strongly recommended that you use NewSID or similar to
> assign a new machine SID before you join an imaged machine to a
> domain. (I sincerely hope your image is not of a domain member
> machine!) If you don't, workgroup security breaks down, and if you
> wind up using Windows 2000 Server, it'll cause problems there too
> (possibly only with Active Directory-based installations, but I don't
> know).
>
> This is all a tad messy, hope it makes sense.
>
> --
> Paul Collins <pjdc at eircom.net> - - - - - - - [ A&P,a&f ]
> GPG: 0A49 49A9 2932 0EE5 89B2 9EE0 3B65 7154 8131 1BCD
> PGP: 88BA 2393 8E3C CECF E43A 44B4 0766 DD71 04E5 962C
> "Cover up and say goodnight... say goodnight."
--
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!