question about machine hostid in smbpasswd Samba 2.0.6a

Simo Sorce simo.sorce at polimi.it
Mon Aug 7 12:42:30 GMT 2000


Paul J Collins wrote:
> 
> >>>>> "Simo" == Simo Sorce <simo.sorce at polimi.it> writes:
> 
>     Simo> Paul J Collins wrote:
>     >> To the best of my knowledge, this is initiated by the server,
>     >> and there is an smb.conf setting to change the interval (this
>     >> came up when TNG's password changing didn't work).
> 
>     Simo> I'm not sure, I think it is changed by the machine.
> 
> Me either, but I thought I remembered Luke mentioning some smb.conf
> parameter to control this.

Ok, I checked the question (as Elrond) and my findings are that:
1. The client changes the password.
2. Server requires client to change password in a specified time frame
(default 1 week) or it will be disabled.
3. Unsure: I think the option in smb.conf is there to make samba change
its password when part of a regular NT domain (or to behave as NT when
used as PDC?)

> 
>     >> Er, when you image the machine, all record of the domain it was
>     >> in will be lost, including the current machine account
>     >> password.  There is probably a way to put the password back in
>     >> the machine's LSA secrets, but is it really worth the bother?
> 
>     Simo> you're wrong.
>     Simo> With ghost I make a physical Image of the machine and all the data,
>     Simo> registry and whatever you want is preserved. Is a perfect snapshot.
>     Simo> So saving the smbpasswd entry you should have everything you need
>     Simo> anyway.
> 
> When I used the word "image", I was speaking of the act of writing the
> image file onto a new machine.  What I was saying was that the
> destination machine will need to have its machine name changed, which
> requires a fresh machine account to be created.  I always take the
> image source out of the domain before I create the image file from it,
> so that whoever is using it will have less difficulty working out why
> they can't log on.
> 
> Possibly you are doing something different with the image, but I don't
> currently understand the urgent need to preserve the machine account
> password.
> 
The fact is our classrooms are full of users every day (also malicious
ones) and we have the same (bloated) software installed for the academic
year.
What we do with the large amount of disk space vendors today sell, is to
have disks with three partitions: system, scratch and hidden.
- The scratch partition is used by users for storing temporary data.
- The system partition contains the operating system (and applications that
can't be installed on network disks).
- The hidden partition contains a (ghost) copy of the system partition.

This helps with untrusted/incapable classroom operators.
They are not able to administer a machine even for simple tasks (and are
often untrusted).
As machines often crash to death we made a special floppy that restores
the image in the hidden partition on the new one without requiring SysAdm
intervention.
As every machine has its own image SID, machine account, passwords are
no problem anymore.

> --
> Paul Collins <pjdc at eircom.net> - - - - - - - [ A&P,a&f ]
>  GPG: 0A49 49A9 2932 0EE5 89B2  9EE0 3B65 7154 8131 1BCD
>  PGP: 88BA 2393 8E3C CECF E43A  44B4 0766 DD71 04E5 962C
> "Cover up and say goodnight... say goodnight."

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!


More information about the samba-ntdom mailing list