[Samba] 'Scripted' machine account renewal?!

Rowland Penny rpenny at samba.org
Mon Mar 4 10:34:33 UTC 2024


On Sun, 3 Mar 2024 21:34:57 +0100
Kees van Vloten via samba <samba at lists.samba.org> wrote:

> 
> On 03-03-2024 19:42, Rowland Penny via samba wrote:
> > On Sun, 3 Mar 2024 16:12:04 +0100
> > Marco Gaiarin via samba <samba at lists.samba.org> wrote:
> >
> >> Hello! Kees van Vloten via samba
> >>    On that day it was said...
> >>
> >>> There is "net changetrustpw" to do this.
> >> I've correctly just joined the firewall to the domain, I can check
> >> join status:
> >>
> >> 	root at vfwacpn1:~# net ads testjoin
> >> 	Join is OK
> >>
> >> but if I try to renew credentials I catch:
> >>
> >> 	root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8
> >> 	Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT
> >> 	Password change failed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections.
> >>
> >> Thanks.
> >>
> > Just a thought and I could be barking up the wrong tree, but it
> > looks like the password change is carried out using Kerberos, so
> > perhaps using an IP address isn't helping, try with a DNS name
> > instead, or even without anything.
> >
> > Rowland
> >
> I just tried the plain command: "net changetrustpw", it produces
> exactly the same error.
> 
> Does it work for you?

Yes.

The pwdLastSet attribute on one of my Unix domain members contained
'133536695921832590', which in Unix is '1709195992', which is 'Thu 29
Feb 08:39:52 GMT 2024'

I then ran 'sudo net ads changetrustpasswd' on the Unix domain member
and pwdLastSet now contains '133540193075029970', which is
'1709545707', which is 'Mon  4 Mar 09:48:27 GMT 2024'

Rowland
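
The pwdLastSet check described in the message above, as an added example that is not part of the original post: it converts the attribute to Unix time and lists machine accounts whose password is older than a threshold. The function names, account names, LDIF sample and 7-day threshold are assumptions made for illustration; the two non-zero pwdLastSet values are the ones quoted in the thread.

```python
from datetime import datetime, timedelta, timezone

# Seconds between the FILETIME epoch (1601-01-01) and the Unix epoch (1970-01-01).
EPOCH_DIFF = 11644473600

def filetime_to_unix(filetime):
    """pwdLastSet counts 100 ns ticks since 1601; return whole Unix seconds."""
    return filetime // 10_000_000 - EPOCH_DIFF

def parse_ldif(text):
    """Map sAMAccountName -> pwdLastSet for blank-line separated LDIF records."""
    accounts = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if "sAMAccountName" in attrs and "pwdLastSet" in attrs:
            accounts[attrs["sAMAccountName"]] = int(attrs["pwdLastSet"])
    return accounts

def stale_accounts(accounts, now, max_age):
    """Return (name, last_change) pairs older than max_age; None = no timestamp."""
    stale = []
    for name, ft in sorted(accounts.items()):
        if ft == 0:
            # 0 carries no change time; report it instead of printing a 1601 date.
            stale.append((name, None))
            continue
        changed = datetime.fromtimestamp(filetime_to_unix(ft), tz=timezone.utc)
        if now - changed > max_age:
            stale.append((name, changed))
    return stale

# Constructed sample input: hypothetical accounts in a hypothetical domain.
SAMPLE_LDIF = """\
dn: CN=MEMBER1,CN=Computers,DC=example,DC=com
sAMAccountName: MEMBER1$
pwdLastSet: 133536695921832590

dn: CN=MEMBER2,CN=Computers,DC=example,DC=com
sAMAccountName: MEMBER2$
pwdLastSet: 133540193075029970

dn: CN=MEMBER3,CN=Computers,DC=example,DC=com
sAMAccountName: MEMBER3$
pwdLastSet: 0
"""

if __name__ == "__main__":
    now = datetime(2024, 3, 10, tzinfo=timezone.utc)  # fixed "now" so output is repeatable
    for name, changed in stale_accounts(parse_ldif(SAMPLE_LDIF), now, timedelta(days=7)):
        print(name, changed.isoformat() if changed else "no pwdLastSet timestamp")
```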




