[Samba] machine password changed in secrets.tdb

[Brajesh Shrivastava]

Any reply to this mail?


On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghanekar at symantec.com> wrote:

> Hi,
>   I see my machine password change in secrets.tdb. I am not sure who
> initiated it.
> But can this happen automatically after "7 days" as mentioned in following
> link
> initiated by someone else (PDC), other than smbd/winbindd?
>
> http://www.windowsnetworking.com/nt/registry/rtips295.shtml
>
>  I am confused who changed it, but it got changed after 7 days. Can PDC
> ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
> But I see logs from winbindd that initiated the change after 7 days, but
> got
> permission denied. Will the "denied message" cause the change to be
> persistent
> in secrets.tdb? I am unsure of this, too:
>
> 2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611,  0]
> rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
> 2010 Jun 14 18:34:00 xyz winbindd[31473]:   rpccli_netr_ServerPasswordSet2
> failed: NT_STATUS_ACCESS_DENIED
>
>
> Here is krb5.conf:
>
> # cat /etc/krb5.conf
> [libdefaults]
>    default_realm = XYZ.COM
>
> [realms]
> XYZ.COM = {
>        kdc = xyz_ad
>        admin_server = xyz_ad
>        kpasswd_server = xyz_ad
>        default_domain = XYZ.COM
> }
>
> [domain_realm]
>    .kerberos.server = XYZ.COM
>
> [logging]
>    default = SYSLOG:NOTICE:DAEMON
>    kdc = FILE:/var/log/kdc.log
>    kadmind = FILE:/var/log/kadmind.log
>
> [appdefaults]
>    pam = {
>        ticket_lifetime = 3d
>        renew_lifetime = 7d
>        forwardable = true
>        proxiable = false
>        retain_after_close = false
>        minimum_uid = 0
>        debug = false
>    }
>
> Thanks,
> Rajesh
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>