Samba-3.0.7-1.3E Active Directory Issues
Huaraz
huaraz at moeller.plus.com
Wed Nov 10 00:20:18 GMT 2004
Luke,
The salt for a computer accounts on 2003 is
REALM | "host" | SAM-Account-Name|realm (SAM-Account-Name without the $)
on 2000 and if user accounts are used it is
REALM | "host" | dNSHostName
We tested it intensively.
Regards
Markus
----- Original Message -----
From: "Luke Howard" <lukeh at padl.com>
To: <huaraz at moeller.plus.com>
Cc: <samba-technical at lists.samba.org>
Sent: Tuesday, November 09, 2004 11:27 PM
Subject: Re: Samba-3.0.7-1.3E Active Directory Issues
>
> Hi Markus,
>
>>yes correct. With the MS ktpass it would be:
>>ktpass /ou file /desonly /crypto des-cbc-md5 /ptype krb5_nt_srv_hst
>>/mapuser
>>testserver-host$ /princ host/testserver.mycountry.mydomain.com at MYREAL.COM.
>>This will be mapped to a computer account testserver-host with
>>sAMaccountname testserver-host$.
>
> Interesting. I wonder why the domain is present twice. What happens if
> you change the dNSHostName value of the principal? Does the latter part
> of the salt change too?
>
> I wonder if the salt is:
>
> REALM | "host" | dNSHostName
>
> or
>
> REALM | "host" | SAM-Account-Name-No-$ | realm
>
> regards,
>
> -- Luke
>
> --
>
More information about the samba-technical
mailing list