[TNG] Status (and merging)

Peter Samuelson peter at cadcamlab.org
Mon Jul 24 23:53:00 GMT 2000


[Aaron Brooks <abrooks at css.tayloru.edu>]
> Hmmm.... Would it be possible to provide a shell or perl script
> wrapper which can behave like smbpasswd on behalf of samedit? This
> seems like the path of least resistance if it is possible. This
> leaves current users in the position to decide when they get rid of
> smbpasswd.

Here's my understanding: rpcclient and smbpasswd may *appear* to do
similar things, but under the hood they're completely different.
smbpasswd uses the win9x calls, rpcclient uses the nt calls.
Apparently the nt calls are much more secure, surprise surprise.

In the case of smbpasswd -j for joining a domain, it works by knowing
the well-known default machine password for the domain, assuming you've
already been on the PDC to create the account.  Thus it doesn't need
any other authentication to the server.  rpcclient, on the other hand,
must authenticate as an administrator on the server because it creates
the machine account with a random password.


ANYWAY, what I was getting at is that (at least as I understand it) it
is not directly possible to emulate smbpasswd using rpcclient/samedit,
because they use different network calls.  The best you could do is
emulate the *user interface*.  That would help some people, but the
main concern here is people with Samba 2.0.x PDCs, which do not
properly support the rpcclient calls.

Peter

