Account with no lanman hash [ was Re: [Samba] Machine accounts, Samba 3, NT Domain migration

Beast indorama at
Sat Mar 27 02:12:22 GMT 2004

* Andrew Bartlett <abartlet at> menulis:

> > 1. Machine has valid passwords (NT+LANMAN) in PWDUMP but only 1
> > NThash on rpc-Vampire, passwd is different.
> > 2. Valid PWD, only NThash on VMP, but NTHASH in VMP is *same* as
> > 3. No valid hash in PWD (only "****"), but has valid NTHASH in
> > VMP. 4. Valid PWD, valid VMP and both are same.
> >
> > On rpc-vampire, from total of 638 machine, 448 are only having
> > NTpassword hash entry.
> > 
> > Is it ok for machine account to have only one hash? (i can not try
> > it right now because the site is on another city).
> Only the NT password matters, except on 3.0.2 and 3.0.2a.  Later CVS
> fixed an issue where the NT password not being present caused a bug
> (account would be marked disabled).

1. In which tools we trust the output? pwdump or rpc vampire? why the
output is different?

2. Is this mean I can not use 3.0.2 or 3.0.2a if I don't have LANMAN
Note: this 'feature' is mark as 'bug' by jerry and has been fixed.
Is it safe to have NT hash only on production?

3. Thanks. 

> Andrew Bartlett


More information about the samba mailing list