Can someone verify my checklist?

Tue Feb 24 14:20:00 GMT 2004

On Mon, 23 Feb 2004 14:55:59 -0600
Andrew Bartlett <abartlet at> wrote:

> You must migrate the machine passwords too.  Not that it looks like
> that will be a problem, as the passwords are just pulled with the
> rest. Machine password's can't be NULL, as the client asserts (by
> various crypto games) that the server knows the password, and can
> therefore be trusted.

I'm glad you brought that up dude!  Your right, all that stuff is in
LDAP, and the convert script was a huge time saver - Thank's Jerry.
But I had always wondered about the LM and NT passwords.  I have
always created the machine account from the Windows workstation by
"joining" the Samba domain.  So the passwords were automatically
inserted into LDAP.  But what if I created the machine account on
prior and generated an arbitrary password?  Would it work?  Would the
client be seen as a trusted machine?  Doesn't the client need to know
what that password is somehow?


Linux: "$ su - root"  -->  Windows: (reboot)

More information about the samba-technical mailing list