VS: [Samba] Samba BDCs and machine trust account passwords

Mikko Kortelainen mkortela at cc.hut.fi
Tue Jan 21 09:34:01 GMT 2003 

> IIRC the client should contact the PDC (domain<0x1b>).  But can you
> check the logs and see if the clients are trying to change it on
> domain<0x1c> (any DC)?  Thanks.

Can you give me any hints on how to find such information in the log files? My log level is 5, and I can find some password change messages in the logs, but I don't know how to check if they are looking for any domain controller or just the PDC when they wish to change their passwords...

Anyhow, I do find "Server Password Set Wksta:[XXX$]" type of messages in the log files of all of the servers, both the master and the slaves. So could this be indicating that the machines are actually communicating with the wrong server to change their passwords..? Can this be corrected with "security = server"? (Will it relay the password change to the server specified with "password server = ..."?)

--
Mikko Kortelainen
mikko.kortelainen at hut.fi

-----Alkuperäinen viesti-----
Lähettäjä: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] Puolesta Gerald (Jerry) Carter
Lähetetty: 17. tammikuuta 2003 18:06
Vastaanottaja: Mikko Kortelainen
Kopio: Andrew Bartlett; samba at lists.samba.org
Aihe: Re: [Samba] Samba BDCs and machine trust account passwords


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 16 Jan 2003, Mikko Kortelainen wrote:

> Here's (what I think is) the essential part from my SLAVE smb.conf:
> 
>   security = user
>   domain logons = yes
>   domain master = no
>   os level = 64
>   local master = yes
>   preferred master = yes
> 
> The MASTER configuration is the same except that the "domain master" 
> is set to yes.
> 
> I've understood that the above configuration causes the workstations 
> to send their password updates to the MASTER. Am I wrong? If I am, is 
> there any way in 2.2.7 to correct this (either so that the 
> workstations change their passwords directly with the master, or that 
> the slave sends an update message to the master automatically). Or do 
> I have to go to 3.0 and LDAP? (which I'd rather not prefer, yet)

IIRC the client should contact the PDC (domain<0x1b>).  But can you check 
the logs and see if the clients are trying to change it on domain<0x1c> 
(any DC)?  Thanks.



jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+KCnMIR7qMdg1EfYRAqLgAJ9+pzlIMUa2DDvkmSvhjtXu8G3YAwCgqBju
QdXB2xcEpWxTkiRujLsaGao=
=eQ/v
-----END PGP SIGNATURE-----

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list