[Samba] secrets

Wolfram Quester wquester at gandalf.physik.uni-konstanz.de
Mon Jul 1 10:55:03 GMT 2002


in secrets.tdb the passwords for machine accounts are stored (if I
understand correctly what "man 8 smbpasswd" says:


	This option is used to add a Samba server into a Windows NT
	Domain, as a Domain member capable of authenticating user accounts to
	any Domain Controller in the same way as a Windows NT Server. See the
	security = domain option in the smb.conf(5) man page.
	When invoked with -U, that username (and optional password)
	are used to contact the PDC (which must be specified with -r) to both
	create a machine account, and to set a password on it.

	Alternately, if -U is omitted, Samba will contact its PDC and
	attempt to change the password on a pre-existing account.
	Either way, this password is then stored by smbpasswd in a
	TDB, writeable only by root, called secrets.tdb

Since the machine account's password changes sometimes (every 7 days
per default if I remember correctly) the file also changes. You can
change this behaviour by editing the registry under Win.

If you compiled samba with the option "--with-ldapsam" then the
password for the admin account/DN is also stored insecrets.tdb.

-- Wolfi

More information about the samba mailing list