[Samba] change_trust_account_password failing

drenning, bruce bdrenni at catholicrelief.org
Wed May 29 11:53:03 GMT 2002 

I'm not sure this is true. All my other NT/2k servers seem to periodically
change their pw. I've included a security event log entry showing a server
called DB1 doing this:

020529 06:08:45 Security AuditSuccess Account Management 643 NT
AUTHORITY\SYSTEM DB1 Domain Policy Changed: Domain: Password Policy Domain
ID: DB1 Caller User Name: %{S-1-5-21-1417001333-308236825-839522115} Caller
Domain: DB1$ Caller Logon ID: CRS-DOMAIN Privileges: (0x0,0x3E7)



> -----Original Message-----
> From: Tom.Klopf at mms.gov [mailto:Tom.Klopf at mms.gov]
> Sent: Wednesday, May 29, 2002 1:54 PM
> To: bdrenni at catholicrelief.org
> Subject: RE: [Samba] change_trust_account_password failing
> 
> 
> Bruce, 
>    I'm not sure exactly what your whole situation is, but a 
> machine account
> password should only be accessed/changed ONCE when the samba server
> initially joins the domain.  Afterwards, it is assumed to be 
> trusted on the
> domain by virtue of its "SID"/"key"/etc., and it should 
> participate on the
> domain until you delete the key (i.e. delete your samba 
> installation or the
> file it lives in) or change the netbios name of the server. 
>     If you need to rejoin a samba server to a domain, the 
> machine account
> must FIRST be DELETED from the domain controller, and then 
> READDED.  The
> reason I emphasize is that some NT administrators have a hard 
> time believing
> this, but it is certainly the case. 
>      Anyway, I don't know why you're getting this error once 
> a day, since
> like I said this should happen only once at the initial 
> domain joining.
> Make sure that machine it's logging info for is indeed your own samba
> server, and not some other client machine trying to talk to your samba
> server for validation for some reason.
> 
> 
> Hope that helps :)
> 
> 
> Thomas Klopf
> MMS - Gulf Region (ACS-GS contractor)
> Phone: 504.736.2444
> Mobile: 504.319.2600
>  
> 
> -----Original Message-----
> From: drenning, bruce [mailto:bdrenni at catholicrelief.org] 
> Sent: Wednesday, May 29, 2002 10:54 AM
> To: 'samba at lists.samba.org'
> Subject: [Samba] change_trust_account_password failing
> 
> samba 2.2.4 on RedHat 7.1
> 
> everything is working. wbinfo -t reports a good secret. users 
> can access
> shares. the samba server shows up in the browser & server manager.
> 
> However, this server is not able to change the password on 
> it's machine
> account. I log the following errors once a day:
> 
> May 29 08:16:33 rhtemp1 smbd[5056]:   domain_client_validate: 
> unable to
> fetch domain sid. 
> May 29 08:16:33 rhtemp1 smbd[5056]: [2002/05/29 08:16:33, 0]
> rpc_client/cli_trust.c:change_trust_account_password(246) 
> May 29 08:16:33 rhtemp1 smbd[5056]:   2002/05/29 08:16:33 :
> change_trust_account_password: Failed to change password for domain
> CRS-DOMAIN.
> 
> anyone know how to fix this?
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

More information about the samba mailing list