storing our machine account name in secrets.tdb

Michael Adda Michael.Adda at expand.com
Tue Mar 13 15:46:47 GMT 2007


Hi Volker,

I see no problem with it in general, but care must be taken in order to
reply with the old hostname when doing NTLMv2 authentication.
Otherwise, I think this may break the case where
NTLMSSP_CHAL_TARGET_INFO is set in ntlmssp_server_negotiate().
My experience shows that DCs do not allow samlogons auths if there's a
mismatch between the account name and the name in the challenge blob.

Michael Adda

-----Original Message-----
From: samba-technical-bounces+michael.adda=expand.com at lists.samba.org
[mailto:samba-technical-bounces+michael.adda=expand.com at lists.samba.org]
On Behalf Of Volker Lendecke
Sent: Tuesday, March 13, 2007 5:36 PM
To: jerry at samba.org
Cc: samba-technical at samba.org
Subject: storing our machine account name in secrets.tdb

Hi!

I need to solve the problem where winbind fails if it got a different
hostname via dhcp and no 'netbios name' is set in smb.conf.

I'm going to solve it by also storing the account name we joined as in
secrets.tdb and modify secrets_fetch_machine_password() to also return
that account name.

To me this seems the logical way to do it, as the machine password and
the account name can really be seen as one unit. We need to provide a
"net rpc/ads rename account" command that does everything necessary
then. (I vaguely remember there is already something like that around,
I need to modify it appropriately.)

Any serious concerns around?

Volker
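
Added example, not part of the thread and not Samba's own code: the mismatch described in the reply above, written as a check that the NetBIOS computer name advertised in an NTLMSSP target-info blob agrees with a stored machine account name. It assumes the relevant field is the MsvAvNbComputerName AV pair (AvId 1 in MS-NLMP), that the account name is the NetBIOS name plus a trailing '$', and ASCII-only names; the function names and the sample blob are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { MSV_AV_EOL = 0, MSV_AV_NB_COMPUTER_NAME = 1 };  /* AvId values, MS-NLMP */

/* Constructed sample: MsvAvNbComputerName = "OLDHOST" (UTF-16LE), then MsvAvEOL. */
static const uint8_t sample_target_info[] = {
    0x01, 0x00, 0x0e, 0x00, 'O', 0, 'L', 0, 'D', 0, 'H', 0, 'O', 0, 'S', 0, 'T', 0,
    0x00, 0x00, 0x00, 0x00 };

/* Walk AV_PAIRs (AvId u16le, AvLen u16le, value) and copy the NetBIOS computer
 * name into out. Returns 0 on success, -1 if the pair is missing or malformed. */
static int target_info_nb_name(const uint8_t *ti, size_t len, char *out, size_t outlen)
{
    size_t pos = 0;
    while (len - pos >= 4) {
        unsigned id = ti[pos] | (ti[pos + 1] << 8);
        size_t avlen = ti[pos + 2] | (ti[pos + 3] << 8), n = avlen / 2;
        pos += 4;
        if (id == MSV_AV_EOL || avlen > len - pos) return -1; /* ended or truncated */
        if (id == MSV_AV_NB_COMPUTER_NAME) {
            if ((avlen & 1) || n + 1 > outlen) return -1;
            for (size_t i = 0; i < n; i++) {
                /* assumption: ASCII-only names, so the high byte must be zero */
                if (ti[pos + 2 * i + 1] != 0 || ti[pos + 2 * i] > 0x7e) return -1;
                out[i] = (char)ti[pos + 2 * i];
            }
            out[n] = '\0';
            return 0;
        }
        pos += avlen;
    }
    return -1;
}

/* 1 = account (e.g. "OLDHOST$") matches the advertised name, 0 = mismatch,
 * -1 = target info unusable. */
int account_matches_target_info(const char *account, const uint8_t *ti, size_t len)
{
    char nb[16];                        /* NetBIOS names: at most 15 chars */
    size_t alen = strlen(account);
    if (target_info_nb_name(ti, len, nb, sizeof(nb)) != 0) return -1;
    if (alen > 0 && account[alen - 1] == '$')
        alen--;                         /* assumption: account = name + '$' */
    if (strlen(nb) != alen) return 0;
    for (size_t i = 0; i < alen; i++)
        if (toupper((unsigned char)nb[i]) != toupper((unsigned char)account[i]))
            return 0;
    return 1;
}
```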

