newbie Q: why need to readd machine to smbpasswd when rejoining domain?
hazen at potentia.ca
Wed Jan 3 20:34:27 GMT 2001
I've had to do the same a few times (and my clients are NT4 SP5 w/security)
as newbie Q, delete and re-add (At's how i also got the w2k clients on as
well) Just mentioning it.
From: samba-ntdom-admin at us5.samba.org
[mailto:samba-ntdom-admin at us5.samba.org]On Behalf Of jeremy garber
Sent: Wednesday, January 03, 2001 1:58 PM
To: samba-ntdom at samba.org; mac at dgp.toronto.edu
Subject: Re: newbie Q: why need to readd machine to smbpasswd when
> I've noticed that I must delete and then re-add a Win* machine to
> private/smbpasswd any time I leave a given domain and then rejoin it. I
> this has something to do with the regeneration of the SID, but I would
> know why this is (and perhaps a way to avoid having to do this).
At least for WinNT 4.0 clients, the clients' netlogon service requests
a change of the machine's password entry (from the well known default
password) upon joining a domain (ok, after a reboot if you use the gui or
without a reboot if you use netdom... when the netlogon service starts)
with which samba complies.
When an NT client attempts to join a domain, it always expects it's well
known password (which no longer exists in smbpasswd after the first time
the machine joins the domain).
To stop this behavior, see
(i.e. change the
registry entry from 0 to 1)
Note the security warnings/implications.
> I'm using 2.2 from cvs, last synched somewhere in the middle of December.
We are currently testing 2.0.7, but I presume that the functionality would
be the same from samba's side since this is what an NT server would do (but
you can disable from the server side too with NT -- I haven't investigated
2.2 cvs conf options, but I haven't found a "refuse machine password change"
like option in 2.0.7).
Corrections to any of the above is welcome.
Engineering College Computing
The University of Toledo
jgarber at eng.utoledo.edu
> Maciej Kalisiak mac at dgp.toronto.edu www.dgp.toronto.edu/~mac
More information about the samba-ntdom