RFC: Add some functionality to net ads changetrustpw

Rowland penny rpenny at samba.org
Wed Nov 13 16:01:44 UTC 2019

On 13/11/2019 15:23, Noel Power wrote:
> On 13/11/2019 15:05, Rowland penny via samba-technical wrote:
>> On 13/11/2019 14:26, Noel Power via samba-technical wrote:
>>> Hi,
>>> I have a patch here resulting from a customer request where they wish to
>>> be able to periodically run a command to trust pw after a number of days
>>> has expired (so something they can run in a cron job). This would be
>>> something similar to what winbind does with 'machine password timeout'
>>> param. So this is something to be used when winbind isn't used.
>> Now I am probably missing something here, but doesn't kerberos use the
>> machine password (which means ads) and this means winbind must be
>> running (at least from 4.8.0).
> I don't recall which samba version this was reported against, but then
> again I am not entirely sure about if it isn't possible to run without
> winbind in more recent versions.
> Also I believe it's possible to run with sssd and no winbind.

Sorry, but you must have missed the 'using sssd with Samba is no longer 
supported' discussion. If you use 'security = ADS' or 'security = 
domain' with Samba >= 4.8.0, you must run winbind, see here:


