On Sat, 2004-03-27 at 00:36, Beast wrote: > * Andrew Bartlett <[EMAIL PROTECTED]> menulis: > > > > Well, congratulations. > > > most likely you need to rejoin all of your clients before running > > > rpc vampire. > > > > > > After this step is complete, you can then login from client to > > > samba domain without rejoining again. > > > > You should *never* have to rejoin clients. Ever. That is the point > > of a vampired system. If there are situations where you do have to > > rejoin > > Andrew, > > I'd loved to be wrong here, but i'm afraid not. > > I've just vampiring again using latest smbldap script, but it still > has weird results. Here's the summary, comparing pwdump.exe result vs > rpc vampire: > > 1. Machine has valid passwords (NT+LANMAN) in PWDUMP but only 1 NThash > on rpc-Vampire, passwd is different. > 2. Valid PWD, only NThash on VMP, but NTHASH in VMP is *same* as > LANMANHASH in PWD. > 3. No valid hash in PWD (only "****"), but has valid NTHASH in VMP. > 4. Valid PWD, valid VMP and both are same. > > On rpc-vampire, from total of 638 machine, 448 are only having > NTpassword hash entry. > > Is it ok for machine account to have only one hash? (i can not try it > right now because the site is on another city).
Only the NT password matters, except on 3.0.2 and 3.0.2a. Later CVS fixed an issue where the NT password not being present caused a bug (account would be marked disabled). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
