[Samba] Bad passwords from Vampire / NT migration

Cooper S. Blake the_analogkid at yahoo.com
Tue Oct 21 18:35:28 GMT 2008


> I started looking at all the password hashes using pdbedit -Lw, and
> found the following:
>
> * There are no LanMan password hashes (all set to XXXX...)
> * Most machine accounts have neither LanMan nor NT password hashes:
> WS6$:576:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
>	XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[W          ]:LCT-48D8EC0E:
> * The NT hashes for the user accounts appear to be incorrect.

Can anyone tell me why net rpc samdump gets the correct LM and NT
password hashes, but net rpc vampire gets incorrect hashes?  What's
funny is that vampire seems to produce consistent results, but
they're consistently wrong.

Is it possible that the NT PDC doesn't trust the Samba server so
it gives it bad hashes?

If there was an easy way to update the NT password hashes in the
passdb tdb file then I would do it.  I could import the samdump via
the pdbedit import feature, but then I have to remap SIDs, which I
have been unable to do.  Perhaps using tdbtool I could locate the NT
hash bytes and replace them, but this would be tedious.

Any thoughts?  Suggestions?

thanks,
Cooper


More information about the samba mailing list