[Samba] smbpasswd -m, changing account to a machine account.

Steffen Prohaska prohaska at zib.de
Fri Aug 8 16:30:44 GMT 2003 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
I had a problem with
	smbpasswd -m

The man pages says:
       -m     This option tells smbpasswd that the account  being
               changed  is  a  MACHINE  account. Currently this is
               used when Samba is being  used  as  an  NT  Primary
               Domain Controller.

               This  option  is  only  available when running smb-
               passwd as root.

Before samba-2.2.8a the behaviour was as expected.
If I ran 'smbpasswd -m -a machine$' on an existing account
the account was reset and could be used as a machine account.
In samba-2.2.8a and in the current 2_2 branch in the cvs the
behaviour is different. The account will not be changed into a
machine account but stays as it was before, a user account.
This is a little bit confusing because trying to add a machine
to the domain failes with "Specified user already exists".

I appended a patch which could solve the problem. It changes
passdb.c to assure that local_password_change always
honors the LOCAL_TRUST_ACCOUNT flag. The current
cvs only uses it when adding an account.

It's not a bug but an annoying behaviour.

But why do you want such stupid things? Changing a user
account to a machine account doesn't make sense to me?

Well we use it to create a dummy account in our ldap tree to
keep all the machines separated from the users.
smbpasswd is used afterwards to setup the already
existing account. It might not be the most straight forward
way. But for historical reasons it grew like this.
In any case I'd expect the -m flag to work always, not only
during creation of a new account.

	Regards,

		Steffen Prohaska

- --- source/passdb/passdb.c      Wed Mar  5 00:35:51 2003
+++ /Users/bzfproha/passdb-my.c Fri Aug  8 18:11:19 2003
@@ -1001,6 +1001,13 @@
                 }
         }

+       /* Assure that the workstation trust account flag is properly  
updated.
+        */
+       if (local_flags & LOCAL_TRUST_ACCOUNT) {
+                
pdb_set_acct_ctrl(sam_pass,(pdb_get_acct_ctrl(sam_pass)|ACB_WSTRUST)&(~A 
CB_NORMAL));
+       } else {
+                
pdb_set_acct_ctrl(sam_pass,(pdb_get_acct_ctrl(sam_pass)|ACB_NORMAL)&(~AC 
B_WSTRUST));
+       }
         if(!pdb_update_sam_account(sam_pass, True)) {
                 slprintf(err_str, err_str_len-1, "Failed to modify  
entry for user %s.\n", user_name);
                 pdb_free_sam(sam_pass);


- ----------------------------------------------------------------------
Zuse Institute Berlin, Takustrasse 7
D-14195 Berlin-Dahlem, Germany
phone: +49 (30) 841 85-337, fax: +49 (30) 841 85-107
email: prohaska at zib.de, web: http://www.zib.de
- ----------------------------------------------------------------------
PGP Public Key: http://www.zib.de/prohaska/prohaska.pgp
Key id: 0xDA749299
Key fingerprint: 8B59 83A8 A43D E0E2 DEDB  D479 3157 2FEA DA74 9299
- ----------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)

iD8DBQE/M9A5MVcv6tp0kpkRAl0JAJ9/+CNL1e77WQlfnww0OYksBuoNUwCfUvKo
IjV98/qdNfKE4UwVy5yAHYk=
=EdWP
-----END PGP SIGNATURE-----

More information about the samba mailing list