Hello,
in secrets.tdb the passwords for machine accounts are stored (if I
understand correctly what "man 8 smbpasswd" says:
-j DOMAIN
This option is used to add a Samba server into a Windows NT
Domain, as a Domain member capable of authenticating user accounts to
any Domain Controller in the same way as a Windows NT Server. See the
security = domain option in the smb.conf(5) man page.
[...snip...]
When invoked with -U, that username (and optional password)
are used to contact the PDC (which must be specified with -r) to both
create a machine account, and to set a password on it.
Alternately, if -U is omitted, Samba will contact its PDC and
attempt to change the password on a pre-existing account.
[...snip...]
Either way, this password is then stored by smbpasswd in a
TDB, writeable only by root, called secrets.tdb
Since the machine account's password changes sometimes (every 7 days
per default if I remember correctly) the file also changes. You can
change this behaviour by editing the registry under Win.
See
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q175468
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q154501
If you compiled samba with the option "--with-ldapsam" then the
password for the admin account/DN is also stored insecrets.tdb.
-- Wolfi