update_machine_account_password

Andrew Bartlett abartlet at samba.org
Sun Nov 29 02:25:31 MST 2009


On Sun, 2009-11-29 at 12:07 +0300, Matthieu Patou wrote:
> On 29/11/2009 10:02, Andrew Bartlett wrote:
> > On Fri, 2009-11-27 at 20:23 +0300, Matthieu Patou wrote:
> >    
> >> Andrew B,
> >>
> >> For a reason that I can't explain update_machine_account_password does not
> >> work properly to update the supplementalCredentials and that's why using
> >> smbclient for s4 against the updated tridge provision is failing
> >> (because its provision uses w2K8 domain level and everything is done so
> >> that aes is activated).
> >>
> >> I tried several tricks and failed so a guru of this stuff is required.
> >> Note that setting the password with sbin/setpassword puts things back in
> >> order (well once the kvno has been modified to put secrets.ldb and
> >> sam.ldb in sync).
> >>
> >> Could you have a look ?
> >>      
> > The easy answer is to simply use the same code as setpassword, whatever
> > that is.  (That way, we keep this script using well known and otherwise
> > tested code).
> >
> >    
> I tried also with the code of setpassword without success. As I wrote in
> my other email on this thread, what made the password change succeed for
> the AES stuff is the fact that I used -s path_to_smb.conf when the
> database is not located in the default path.

Ahh, that would be a problem.  We would be using the wrong realm and
domain.  We should store the domain in the @SAMBA_DSDB record, and build
the realm from the default basedn.  We should also reconsider whenever
we use lp_ctx in ldb. 

But using the right smb.conf is also required, and is the short and
long-term fix. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.