Samba-3.0.7-1.3E Active Directory Issues
Doug VanLeuven
roamdad at sonic.net
Wed Nov 10 02:38:35 GMT 2004
Luke Howard wrote:
>Hi Markus,
>
>>REALM | "host" | SAM-Account-Name|realm (SAM-Account-Name without the $)
>
>Another thing I noticed: SAM-Account-Name is always converted to
>lower case before creating the salt. Attached is a sample
>krb5_get_win2k_host_salt() for Heimdal.
>
>>on 2000 and if user accounts are used it is
>>
>>REALM | "host" | dNSHostName
>
>This can't be the case for user accounts as dNSHostName is not a
>permitted attribute on users, only computers. I presume you mean
>that the salt is the output of krb5_principal2salt() as you said
>before?
>
It's whatever was used as /princ in the ktpass.exe mapping to the user
account.
Most people map
    ktpass -princ host/hostname@NT-DNS-REALM-NAME -mapuser account
where hostname is the host's DNS name.

Regards, Doug