Samba refusing connection after machine account password change
abartlet at samba.org
Fri Apr 1 01:23:05 MDT 2011
On Sat, 2011-03-26 at 14:57 +0000, Sam Liddicott wrote:
> I have noticed that using samba4 client on a windows 2003 domain, if I
> sneakily change the samba machine account on the domain controller using:
> net user machine$ new-password /domain
> that ldbsearch -U machine -P `mymachinepw` to the domain controller will
> work (using the old password), but kinit will fail right away.
> I mention it here because some of the same concepts seem to be involved
> and it may help.
I think this is due to a 'feature' of Windows that allows the previous
password to be used over NTLM for at time, simulating the behaviour that
kerberos ticket caches have.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
More information about the samba-technical