LDAP-SAM and Samba 2.2

Tarjei Huse tarjei at nu.no
Mon Dec 3 10:51:33 GMT 2001

> * The lmPassword and ntPassword LDAP attributes contain suspicious data
>   after the join operation. If the initial passwords for "roadrunner$" was
>   DC12FFA682C3844D2E87078C29EC8618:63911FAC3D75FECB66C48A17A30C5F9D, samba
>   changes them to
>   0029170800000000002E1E388B7B9D9B:0000000100000002002DF49000000000 during
>   the join operation. What's with all the zeroes?
When joining the domain, the machine will change the pwd to a random value known
by the machine and the pdc.
> * If i don't set acctFlags within the "add user script" script to
>   [W          ], samba will set acctFlags to [DW         ]. Is this a good
>   thing or a bad thing.
Try setting them to w :)
> * How is the password generated that is used to generate the final lm/nt
>   hashes for the machine account? Where in the Samba code does this
>   happen?
It happens on the client. 
> * What value for "debug level" should I use to get information that might
>   lead me to a solution?
Beats me :)
> Any thoughts will be greatly appreciated,
Try getting tng-alpha. I've used the ldap support there in production for 7
months without any trouble. Also read the docs (and links!) on ldap that you
find here: www.samba-tng.org/docs.html

> /Erik
> --
> Erik Persson, System Manager            <erik at roxen.com>
> Roxen Internet Software                 Voice:  +46 13 376817

More information about the samba-ntdom mailing list