Samba 2.0.6 and PDC mode
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Feb 11 06:27:10 GMT 2000
On Fri, 11 Feb 2000, Richard Sharpe wrote:
> I seem to recall that Microsoft have changed the way that NT SP5 and above
> join a domain to remove that well known password that is used.
no, they haven't. it's still as insecure as hell, including when a backup
domain controller is added to an NT domain.
just as mark russinovich wrote a small utility for NT to fix this by
directly modifying the well-known trust account password on _both_ the
local workstation / server _and_ the SAM database, last night i wrote up
lsa_set_secret_value so that rpcclient can do the same job.
> Is this the case? This suggests that SP5 cannot be used with Samba 2.0.x
> in PDC mode.
well, you can't properly use 2.0.x as a pdc _Anyway_, but aside from that,
yes you can use SP5 --- just that if you're paranoid about security, the
solutions are a damn nuisance.
the only client-side fixes have been added to NT5. you _can't_ join NT5
to a domain without the admin user/pass, now, which is REALLY good.
More information about the samba-ntdom mailing list