[Samba] My experience with samba/ldap and machine accounts

[Adam Williams]

> This is a snippet of an email I sent to Mark Taylor (who I contacted thru
> this list) today. I thought I should share this with you...
> I am the double >> and zero-> typer.
> > > On the other side, we've developed a new version of our DDS software
> > > (remember the novell+NT to Linux+openldap+samba migration?) and theyre
> > > going into production line today :)
> > Cool, let me know how it goes...
...
> Actually, the lmPassword and ntPassword attributes are scrambled and their
> values are no longer those of Domain Join-time. Dunno why it happens, this
> is somewhat documented (When updating blablabla, this may happen
> smbldap-howto I believe... but I'm not sure).

The workstation periodically changes the password,  and does so when it
first joins the domain.  Before that it is a "well known" value.  So you
can't rejoin after joining without recreating the object.