> Can anyone tell me why net rpc samdump gets the correct LM and NT
> password hashes, but net rpc vampire gets incorrect hashes? What's
> funny is that vampire seems to produce consistent results, but
> they're consistently wrong.
>
> Is it possible that the NT PDC doesn't trust the Samba server so
> it gives it bad hashes?

I have a few more comments.

1. net rpc vampire does not set the machine or domain SID. This has to be done manually using net setlocalsid and net setdomainsid. Calling net rpc getsid appears to work but does not change anything. I have seen multiple other people with this same problem going back a couple years, so it appears to be a longstanding bug.

2. I checked the event log on the Windows NT PDC. It's interesting because each time I run the vampire command, it logs 2 or 5 5722 events in a row (the error is that the session setup from my Samba BDC failed to authenticate with the error "Access is denied."). This error is indicating an invalid machine password from Samba. Then immediately after the error messages I get two 5713 events, indicating that the full synchronization request from the BDC completed successfully. The first event refers to over 100 objects and the second event refers to a much smaller number. So despite the 5722 error, everything synchronizes.

3. The only evidence of any problem from the vampire command is the events logged on the PDC, and the invalid passwords. I tried deleting the trust account on the PDC and rejoining several times, with Samba on, off, and nmbd on and off. The result is always the same. The bad password hashes are always the same for each account. If I change a password on the PDC then run vampire again, the NT hash changes on the Samba box. It just seems like the NT hash is somehow being scrambled, but in a consistent way.

4. It does not seem to matter if I create the BDC trust account on the PDC using Server Manager, or whether I just join the domain using net rpc join. The former step seems unnecessary.

5. Here is the stderr output from the vampire command:

   [2008/10/20 21:08:23, 0] passdb/pdb_tdb.c:tdb_update_samacct_only(1117)

   I did also save the debug level 10 output, but it really doesn't look to contain anything interesting.

-Cooper
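
Added example, not part of the original message: one way to check per account which hashes differ between the PDC's view and what the Samba BDC stored after a vampire run. It assumes both sides were saved as smbpasswd-style `name:id:LM:NT:...` lines (for the Samba side, `pdbedit -L -w` output); that format for the samdump side, the account names and the placeholder hashes are all assumptions constructed for illustration.

```python
import re

HEX32 = re.compile(r"^[0-9A-F]{32}$")

def parse_dump(text):
    """Return {account: (lm, nt)} from name:id:LM:NT:... lines (assumed format)."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        name = fields[0].split("\\")[-1].lower()  # drop a DOMAIN\ prefix
        lm, nt = fields[2].upper(), fields[3].upper()
        if HEX32.match(nt):  # ignore lines that carry no NT hash
            accounts[name] = (lm, nt)
    return accounts

def compare(reference, replica):
    """Classify every reference account against the replica's stored hashes."""
    report = {}
    for name, (lm, nt) in reference.items():
        if name not in replica:
            report[name] = "missing"
            continue
        r_lm, r_nt = replica[name]
        diffs = [tag for tag, a, b in (("LM", lm, r_lm), ("NT", nt, r_nt)) if a != b]
        report[name] = "+".join(diffs) + " differs" if diffs else "match"
    return report

def h(c):
    return c * 32  # constructed placeholder, not a real hash

# Constructed sample data standing in for the two saved dumps.
SAMDUMP = "\n".join([
    f"NTDOM\\alice:1001:{h('a')}:{h('1')}:[U]:LCT-0",
    f"NTDOM\\bob:1002:{h('b')}:{h('2')}:[U]:LCT-0",
    f"NTDOM\\carol:1003:{h('c')}:{h('3')}:[U]:LCT-0",
    f"NTDOM\\dave:1004:{h('d')}:{h('4')}:[U]:LCT-0",
])
REPLICA = "\n".join([
    f"alice:1001:{h('A')}:{h('1')}:[U          ]:LCT-48FD2A10:",
    f"bob:1002:{h('b')}:{h('9')}:[U          ]:LCT-48FD2A10:",
    f"carol:1003:{h('e')}:{h('f')}:[U          ]:LCT-48FD2A10:",
])

if __name__ == "__main__":
    for name, status in compare(parse_dump(SAMDUMP), parse_dump(REPLICA)).items():
        print(f"{name:10} {status}")
```

An account reported as "NT differs" while its LM hash matches corresponds to the symptom described in point 3; "missing" means the account never reached the local passdb.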
