LDAP-SAM and Samba 2.2
tarjei at nu.no
Mon Dec 3 10:51:33 GMT 2001
> * The lmPassword and ntPassword LDAP attributes contain suspicious data
> after the join operation. If the initial passwords for "roadrunner$" was
> DC12FFA682C3844D2E87078C29EC8618:63911FAC3D75FECB66C48A17A30C5F9D, samba
> changes them to
> 0029170800000000002E1E388B7B9D9B:0000000100000002002DF49000000000 during
> the join operation. What's with all the zeroes?
When joining the domain, the machine will change the pwd to a random value known
by the machine and the pdc.
> * If i don't set acctFlags within the "add user script" script to
> [W ], samba will set acctFlags to [DW ]. Is this a good
> thing or a bad thing.
Try setting them to w :)
> * How is the password generated that is used to generate the final lm/nt
> hashes for the machine account? Where in the Samba code does this
It happens on the client.
> * What value for "debug level" should I use to get information that might
> lead me to a solution?
Beats me :)
> Any thoughts will be greatly appreciated,
Try getting tng-alpha. I've used the ldap support there in production for 7
months without any trouble. Also read the docs (and links!) on ldap that you
find here: www.samba-tng.org/docs.html
> Erik Persson, System Manager <erik at roxen.com>
> Roxen Internet Software Voice: +46 13 376817
More information about the samba-ntdom