[Samba] Machine accounts, Samba 3, NT Domain migration
abartlet at samba.org
Fri Mar 26 23:18:46 GMT 2004
On Sat, 2004-03-27 at 00:36, Beast wrote:
> * Andrew Bartlett <abartlet at samba.org> menulis:
> > > Well, congratulations.
> > > most likely you need to rejoin all of your clients before running
> > > rpc vampire.
> > >
> > > After this step is complete, you can then login from client to
> > > samba domain without rejoining again.
> > You should *never* have to rejoin clients. Ever. That is the point
> > of a vampired system. If there are situations where you do have to
> > rejoin
> I'd loved to be wrong here, but i'm afraid not.
> I've just vampiring again using latest smbldap script, but it still
> has weird results. Here's the summary, comparing pwdump.exe result vs
> rpc vampire:
> 1. Machine has valid passwords (NT+LANMAN) in PWDUMP but only 1 NThash
> on rpc-Vampire, passwd is different.
> 2. Valid PWD, only NThash on VMP, but NTHASH in VMP is *same* as
> LANMANHASH in PWD.
> 3. No valid hash in PWD (only "****"), but has valid NTHASH in VMP.
> 4. Valid PWD, valid VMP and both are same.
> On rpc-vampire, from total of 638 machine, 448 are only having
> NTpassword hash entry.
> Is it ok for machine account to have only one hash? (i can not try it
> right now because the site is on another city).
Only the NT password matters, except on 3.0.2 and 3.0.2a. Later CVS
fixed an issue where the NT password not being present caused a bug
(account would be marked disabled).
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040327/bfefd56b/attachment.bin
More information about the samba