Missing sambaLMPassword in machines account entries in Samba-LDAP

Wong Onn Chee ocwong at usa.net
Mon Jun 21 09:50:54 GMT 2004

Hi Andrew,

I have finally found the cause!
It is due to the automatic machine account password changes by the 
Windows workstation.

It is quite well-documented at:

One last question is that why are the machines are not being allowed to 
update their passwords in the Samba.


Andrew Bartlett wrote:
> On Wed, 2004-06-16 at 20:36, Wong Onn Chee wrote:
>>Recently, I encountered the following problem
>>1) I joined some Windows machines (includes NT, 2k and XP Pro 
>>workstations) into a Samba (3.0.4) domain with LDAP backend (OpenLDAP 
>>2) Few days later, they suddenly couldn't login to domain.
>>3) After rejoining the domain, login works fine.
>>An investigation of the LDAP entries before and after the rejoining 
>>brought an interesting discovery.
>>Before the rejoining, the machine accounts have both sambaNTPassword and 
>>sambaLMPassword. However, after rejoining, they only have 
>>sambaNTPassword, without sambaLMPassword
> I don't think the lack of the LMPassword is the issue - Samba never
> reads that attribute for machine accounts.
> Samba 3.0.4 just doesn't set the LMPassword for machines, on the machine
> password change, or for 'long' machine passwords (XP pro machines seem
> to create these) for the password set.
> Andrew Bartlett


Best Regards
Wong Onn Chee
Technology Solutions
Resolvo Systems Pte Ltd

20, Ayer Rajah Crescent
#08-02 Techno Centre
Singapore 139964
Main Line:   (65)  6873 2049
Fax:             (65)  6873 4905
Mobile:        (65)  9838 7930
Email: onnchee at resolvo.com
Website: www.resolvo.com
Please Note: This message contains information which may be confidential and
privileged. Unless you are the intended addressee (or authorised to receive
for the addressee), any distribution, copying or disclosure of the message
or any information obtained in the message is strictly prohibited. If you
have received the message in error, please advise the sender by replying to
the sender's email address

More information about the samba-technical mailing list