[Samba] secretly replacing a windows domain client with samba

Benjamin Adler ben at politbuero.dyndns.org
Sat Jan 18 00:10:01 GMT 2003


Hello!

I have a problem: I work in a company which is strictly windows-only, and
I really need to replace a windows-xp machine - which is a member of the
company's domain - with a linux machine (using samba).

This new linux machine will have to upload backups of its data to a share
within the domain. Thus, it needs to be a member of the domain (correct?).

Obviously, I need to join the linux-box to the domain without the
domain-admins knowing, and that's where my problems start.

If I understood correctly, every machine in the domain has a machine trust
account (MTA) on the PDC. The MTA's username is the client's NETBIOS
machine name with a "$" appended, and the password is set to a random
value by the client when first joining the domain.

That way, one cannot just replace a machine that's a member of the domain
with another machine. The domain-admins would have to reset the MTA's
password, so that the new machine can join.

Since I cannot ask the domain-admins to do just that, I'm looking for a
way to extract this machine password - which, to my understanding, is
still stored on the old winxp-client - and use it in samba (samba stores
that in the secrets.tdb, right?).

Now my question: Have I understood the problem correctly? If yes, what can
I do, is there a way to extract the machine password? Has anyone ever done
this?

I *think* that the PDC is a windows NT 4 machine, but I'm not sure. I DO
have a valid user account for the domain, but it doesn't have any special
privileges (like being domain admin :)

Thanks a lot for your help!
	Ben Adler

P.S: Please CC to my address, too!




