[Samba] machine trust account password backup

Vincent Régnard lists001 at regnard.org
Thu Apr 12 15:47:13 GMT 2007

Hi all,

I am facing a problem regarding machine trust account password backup 
for samba-3 acting as NT4 PDC.

If I understand it well, password for machine trust account are always 
modified the first time a windows host joins the domain. I use smbpasswd 
backend (samba3.0.25rc1), and the password in modified in the db file 
smbpasswd. Is there a way to now this password in a clear text format ?

I manually create user and machine accounts (Unix+samba) and I actually 
need this because my rescue system automatically recreates smbpasswd 
from cleartext information stored in a remote DB. It's been working well 
for years with user accounts, but now that I switched to samab-as-PDC I 
encounter a big problem (I cant get the machine password to have them 
stored in my backup database). I am looking for a solution:

- Ideally I would like to set an initial password for machine trust 
account and force the client to use this password: the samba password 
for the machine would be "imported" in windows registry (maybe manually) 
? Can samba force windows to use a given password for machine trust 
account ?

- Maybe there are some possibilies to get the cleartext transcoding of 
the password that is set when joining the domain the first time so that 
I can back-it up in my database ?

What is the "standard" solution you would recommand ? Do I rather backup 
smbpasswd file and restore lines concerning machine trust account ?

Any comments are welcome.


More information about the samba mailing list