3.0Alpha21 and W2K AD 'dorking' Samba machine acct?

Nik Conwell nik at bu.edu
Wed Feb 12 14:30:51 GMT 2003


On Thu, 30 Jan 2003, Andrew Bartlett wrote:


> On Thu, 2003-01-30 at 23:32, Nik Conwell wrote:
> >
> > Anybody seeing a scenario like this?
> >
> > net ads join adds our machine entry to AD just fine.
> >
> >   The machine entry object in the AD database has:
> >
> >    OperatingSystem        "Samba"
> >    OperatingSystemVersion "post3.0-HEAD"
> >    dnsHostname            "ourhost"
> >
> > Some time later "something" happened, and AD now has:
> >
> >    OperatingSystem        "Windows"
> >    OperatingSystemVersion "NT 4"
> >    dnsHostname            is empty.
> >
> > and then authentication to ourhost fails.
>
> Something is doing a NT4 password change.  This can occur if
> 'security=domain' is set, rather than 'security=ads'.
>
> Or if 'net rpc changetrustpw' is run.

Interesting - security=ads is set in the config, and neither of the two of us
who have privs to do the net cmds have run changetrustpw (or knew what it was
before you wrote about it ;-))

I have an unverified pet theory that under some circumstances the smbd may think
it's running as security=domain (unable to read the config file due to it being
unmounted - it's on NFS disk - or since the file doesn't have o=r).  I'll put
some DEBUG logging statements near change_trust_account_password() to see if
we're somehow getting there.

Thanks for your help.
-nik
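
One way to check the theory in the message above from the Samba host is to confirm that smb.conf can be stat'ed, carries o=r, and sets security = ads in [global]. This is an added example, not part of the original post or of Samba's code. The helper names `effective_security` and `check_conf` and the default path are assumptions, and the parser is simplified: it ignores `include` lines and backslash line continuations.

```python
import os
import stat
import sys


def effective_security(conf_text):
    """Return the last 'security' value set in [global] (lower-cased), or None."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, val = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            if "".join(key.split()).lower() == "security":
                value = val.strip().lower()
    return value


def check_conf(path):
    """List reasons a daemon reading `path` might not see security = ads."""
    try:
        mode = os.stat(path).st_mode
    except OSError as exc:
        return [f"cannot stat {path}: {exc.strerror} (filesystem not mounted?)"]
    findings = []
    if not mode & stat.S_IROTH:
        findings.append(f"{path} lacks o=r (mode {stat.S_IMODE(mode):04o})")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            security = effective_security(fh.read())
    except OSError as exc:
        findings.append(f"cannot read {path}: {exc.strerror}")
        return findings
    if security != "ads":
        findings.append(f"[global] security is {security!r}, expected 'ads'")
    return findings


if __name__ == "__main__":
    # Path is an assumption; pass the smb.conf your smbd actually uses.
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/samba/smb.conf"
    problems = check_conf(conf)
    print("\n".join(problems) if problems else f"{conf}: readable, security = ads")
    sys.exit(1 if problems else 0)
```

Run from cron under the account smbd uses, a non-zero exit gives a timestamp to line up against the moment the AD machine entry changes.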

