RFC: Add some functionality to net ads changetrustpw

Noel Power NoPower at suse.com
Wed Nov 13 15:23:43 UTC 2019

On 13/11/2019 15:05, Rowland penny via samba-technical wrote:
> On 13/11/2019 14:26, Noel Power via samba-technical wrote:
>> Hi,
>> I have a patch here resulting from a customer request where they wish to
>> be able to periodically run a command to trust pw after a number of days
>> has expired (so something they can run in cron job) The would be
>> something similar to what winbind does with 'machine password timeout'
>> param. So this is something to be used when winbind isn't used.
> Now I am probably missing something here, but doesn't kerberos use the
> machine password (which means ads) and this means winbind must be
> running (at least from 4.8.0)

I don't recall which samba version this was reported against, but then
again I am not entirely sure about if it isn't possible to run without
winbind in more recent versions.

Also I believe it's possible to run with sssd and no winbind

And the 'machine password timeout' works only with a subset of the
'kerberos method' values


More information about the samba-technical mailing list