Missing sambaLMPassword in machines account entries in Samba-LDAP

Andrew Bartlett abartlet at samba.org
Thu Jun 17 03:07:53 GMT 2004

On Wed, 2004-06-16 at 20:36, Wong Onn Chee wrote:
> Hi,
> Recently, I encountered the following problem
> 1) I joined some Windows machines (includes NT, 2k and XP Pro 
> workstations) into a Samba (3.0.4) domain with LDAP backend (OpenLDAP 
> 2.1.23)
> 2) Few days later, they suddenly couldn't login to domain.
> 3) After rejoining the domain, login works fine.
> An investigation of the LDAP entries before and after the rejoining 
> brought an interesting discovery.
> Before the rejoining, the machine accounts have both sambaNTPassword and 
> sambaLMPassword. However, after rejoining, they only have 
> sambaNTPassword, without sambaLMPassword

I don't think the lack of the LMPassword is the issue - Samba never
reads that attribute for machine accounts.

Samba 3.0.4 just doesn't set the LMPassword for machines, on the machine
password change, or for 'long' machine passwords (XP pro machines seem
to create these) for the password set.

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20040617/5eac47ed/attachment.bin

More information about the samba-technical mailing list