samba and nt, nt box vs. pdc change machine passwords ?

Simo Sorce simo.sorce at polimi.it
Tue Jan 16 14:09:31 GMT 2001


Another way to avoid this problem is to back up the machine password while
taking the machine image and restore it while restoring the machine image.
This leads to security issues but should work.

On Tue, 16 Jan 2001, Makis Marmaridis wrote:

>
> Actually, this is not quite accurate. The machine accounts on an NT domain
> are changed automatically on a weekly basis. Therefore, it doesn't matter
> how much you wait until you do the imaging, you are still bound to run into
> the same problem.
>
> Microsoft suggests the following work-around
>
> http://support.microsoft.com/support/kb/articles/Q154/5/01.ASP
>
> that basically says that by modifying a particular registry key, you can
> stop this behaviour (which also means that other people might then be able
> to more easily impersonate one of your trusted machines on the domain by
> guessing its password; however, until today I haven't heard of anybody
> doing so... yet!) :-)
>
> HTH,
>
> Cheers,
> Makis.
>
>
> -----Original Message-----
> From: samba-ntdom-admin at us5.samba.org
> [mailto:samba-ntdom-admin at us5.samba.org]On Behalf Of Doug Breshears
> Sent: Tuesday, 16 January 2001 3:28 PM
> To: Jens Schwepe; samba nt domain mailinglist (E-Mail)
> Subject: Re: samba and nt, nt box vs. pdc change machine passwords ?
>
>
> I believe that the machine accounts get changed after a period of being
> on the network. You might do well to install and wait a week or two, then
> image the HD; this I believe would give you the stable machine SID. I am
> not sure this is completely accurate, just my 2 cents.
> Doug.
>
> ----- Original Message -----
> From: Jens Schwepe <js at ic-bremen.de>
> To: samba nt domain mailinglist (E-Mail) <samba-ntdom at us5.samba.org>
> Sent: Monday, January 15, 2001 8:54 AM
> Subject: samba and nt, nt box vs. pdc change machine passwords ?
>
>
> > hi,
> >
> > i've successively set up a network with 10 nt boxes and 2 samba servers.
> > first is file server, second is pdc and login server with the
> > machine/user passwords file.
> >
> > to minimize admin work i've made a snapshot of every client's hard disk
> > partition with ( dd if=/dev/hda1 | gzip -c --best > client.disk.gz ) to
> > the file-server, which is read back to the client's disk every night.
> > Thus feigning the nt boxes would be freshly installed every morning :-)
> >
> > cool thing i guess, but every now and then one or more of the
> > server-side stored machine passwords seem to change, resulting in users
> > not able to login on that particular machine anymore ( --> nt box says
> > something like "machine not member of domain").
> >
> > could it be that during normal login/logoff work the nt boxes and the
> > pdc internally change/modify the machine's password ???
> >
> >
> > thnx in advance
> >
> > Jens Schwepe
> > js at ic-bremen.de
> > www.ic-bremen.de
> >

-- 
Simo Sorce - Integrazione Sistemi Unix/Windows - Politecnico di Milano
E-mail: simo.sorce at polimi.it
Tel.int: 02 2399 2425 - Fax.int. 02 2399 2451
-----------------------------------------------------------------
Be happy, use Linux!




