Fixing the 'random trust password' issue

Andrew Bartlett abartlet at
Fri Oct 17 05:28:56 GMT 2008

I've finally got back onto Samba4 work, and have committed a patch to
fix the behaviour when windows changes it's trust account password to a
random value.

We still don't get it perfectly correct (and will not produce AES or DES
keys for these accounts), but we will now accept the change, and
correctly update the MD4 password (nt hash).

Changes to create kerberos keys for these passwords are pending

Note however that I've changed the provision script for the release - if
you want to keep your existing database, then you will need to edit the
@MODULES, @PARTITIONS and @KLUDGEACL magic DNs to match a fresh
provision.  (I added a new attribute clearTextPassword to help with
this, and we need to ensure non-admins can't set it).

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list