Hi.... I am using Samba 3.0.2 with LDAP as the passdb backend for both user accounts and for machine accounts.
I have noticed something which looks a bit strange. It seems that at least some machines (I don't think all machines, but can't be sure as of yet) appear to be having sambaPwdCanChange and sambaPwdLastChange modified in their account entry in the LDAP tree..... I thought that the only time any machine account attributes would be added/altered is when the machine account is initially added. One machine seems to be having these attributes in its machine account altered every 15 minutes.....other machines seem to only have this occur once or twice. Another strange thing I have noticed is that for all of these machines, both the sambaLMPassword and sambaNTPassword hashes are identical.....I thought that these would/should always be different (open to correction on this ;-).... Everything seems to work OK, but this is generating some load on our LDAP servers (master and replicas) and also I am concerned that perhaps we have been hacked or perhaps a Windoze virus is causing this to happen. However, I am not aware of any viruses which attack an NT domain server and cause machine accounts to be altered.....besides, the virus would need to know a login/password with sufficient privilege to update the machine account via samba. Could this be a hack or a virus? Or is there any setting in Windoze (registry or something) which would cause a machine to try to update its machine account in some way? Or is there anything else which might cause this (eg: a difference in the time on samba and LDAP servers?)? Sorry if this seems a but vague and lacking any more detail, but I am baffled myself. If anyone has any suggestions or advice I would be most grateful. Thanx in advance. Chris Bradshaw -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba