Account with no lanman hash [ was Re: [Samba] Machine accounts,
Samba 3, NT Domain migration
indorama at rad.net.id
Sat Mar 27 02:12:22 GMT 2004
* Andrew Bartlett <abartlet at samba.org> menulis:
> > 1. Machine has valid passwords (NT+LANMAN) in PWDUMP but only 1
> > NThash on rpc-Vampire, passwd is different.
> > 2. Valid PWD, only NThash on VMP, but NTHASH in VMP is *same* as
> > LANMANHASH in PWD.
> > 3. No valid hash in PWD (only "****"), but has valid NTHASH in
> > VMP. 4. Valid PWD, valid VMP and both are same.
> > On rpc-vampire, from total of 638 machine, 448 are only having
> > NTpassword hash entry.
> > Is it ok for machine account to have only one hash? (i can not try
> > it right now because the site is on another city).
> Only the NT password matters, except on 3.0.2 and 3.0.2a. Later CVS
> fixed an issue where the NT password not being present caused a bug
> (account would be marked disabled).
1. In which tools we trust the output? pwdump or rpc vampire? why the
output is different?
2. Is this mean I can not use 3.0.2 or 3.0.2a if I don't have LANMAN
Note: this 'feature' is mark as 'bug' by jerry and has been fixed.
Is it safe to have NT hash only on production?
> Andrew Bartlett
More information about the samba