[Samba] 'Scripted' machine account renewal?!
Kees van Vloten
keesvanvloten at gmail.com
Sun Mar 3 17:24:47 UTC 2024
On 03-03-2024 16:12, Marco Gaiarin via samba wrote:
> Mandi! Kees van Vloten via samba
> In chel di` si favelave...
>
>> There is "net changetrustpw" to do this.
> I've correctly just joined the firewall to the domain, i can check join
> status:
>
> root at vfwacpn1:~# net ads testjoin
> Join is OK
>
> but if i try to renew credentials i catch:
>
> root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8
> Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT
> Password change failed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections.
>
> Thanks.
>
Interesting, I tried running it with -d 10, it shows a lot of output.
But around the no more connections error, it show just that and no more
information.
Another thing I tried was "systemctl stop winbind" and then the "net
changetrustpw", but even then the same error occurs.
And I checked the machine's ldap record "pwdLastSet" attribute. Indeed
it shows that the password has not changed.
Is anybody aware of how to make this work? Or is this a bug?
Now I am wondering about the upcoming 4.20 release, it has the ability
to change service-account passwords if I am not mistaken. Would it also
manage machine-account passwords? Does anybody know?
- Kees.
More information about the samba
mailing list