Fixing the 'random trust password' issue
Andrew Bartlett
abartlet at samba.org
Fri Oct 17 05:28:56 GMT 2008
I've finally got back onto Samba4 work, and have committed a patch to
fix the behaviour when windows changes it's trust account password to a
random value.
We still don't get it perfectly correct (and will not produce AES or DES
keys for these accounts), but we will now accept the change, and
correctly update the MD4 password (nt hash).
Changes to create kerberos keys for these passwords are pending
shortly.
Note however that I've changed the provision script for the release - if
you want to keep your existing database, then you will need to edit the
@MODULES, @PARTITIONS and @KLUDGEACL magic DNs to match a fresh
provision. (I added a new attribute clearTextPassword to help with
this, and we need to ensure non-admins can't set it).
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20081017/8a53781a/attachment.bin
More information about the samba-technical
mailing list