[Samba] copying machine trust account password from windows to samba

Dev Mittal dev.mittal at gmail.com
Fri Oct 3 07:00:04 GMT 2008

hi folks,

I have a small problem with joining samba to an Active Directory domain &
would really appreciate the help of some Samba Gurus.

I have windows and linux both installed on my workstation. My windows
installation is joined to an Active Directory domain and I would like my
linux installation to join the same domain with the same identity using
Samba. The problem is, I don't have access to domain administrator
credentials and so would like to use the same machine trust account password
as is used by the windows installation, in Samba too.

So, I understand that I need to supply the correct "machine trust account"
password to Samba, which I was able to obtain from windows by dumping the
LSA secret named "$MACHINE.ACC". The problem is, this password is in a UCS-2
(little-endian) encoding and If I just copy and paste the same into the
SECRETS/MACHINE_ACCOUNT/PASSWORD key (in the secrets.tdb file), it does not
work (I get some sort of kerberos authentication failed error).

 I even tried to convert the password to UTF8 encoding and feed the
resulting byte string to samba and that ran into some problems too.
So my question is, how do I make Samba interpret the UCS-2 encoded machine
trust account password correctly? If I can do this, I can make Samba join
the domain too, just by having copied the identity and credentials from the
windows installation.

any helpful suggestions/ comments?


More information about the samba mailing list