VS: [Samba] Samba BDCs and machine trust account passwords
mkortela at cc.hut.fi
Tue Jan 21 09:34:01 GMT 2003
> IIRC the client should contact the PDC (domain<0x1b>). But can you
> check the logs and see if the clients are trying to change it on
> domain<0x1c> (any DC)? Thanks.
Can you give me any hints on how to find such information in the log files? My log level is 5, and I can find some password change messages in the logs, but I don't know how to check if they are looking for any domain controller or just the PDC when they wish to change their passwords...
Anyhow, I do find "Server Password Set Wksta:[XXX$]" type of messages in the log files of all of the servers, both the master and the slaves. So could this be indicating that the machines are actually communicating with the wrong server to change their passwords..? Can this be corrected with "security = server"? (Will it relay the password change to the server specified with "password server = ..."?)
mikko.kortelainen at hut.fi
Lähettäjä: samba-admin at lists.samba.org [mailto:samba-admin at lists.samba.org] Puolesta Gerald (Jerry) Carter
Lähetetty: 17. tammikuuta 2003 18:06
Vastaanottaja: Mikko Kortelainen
Kopio: Andrew Bartlett; samba at lists.samba.org
Aihe: Re: [Samba] Samba BDCs and machine trust account passwords
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 16 Jan 2003, Mikko Kortelainen wrote:
> Here's (what I think is) the essential part from my SLAVE smb.conf:
> security = user
> domain logons = yes
> domain master = no
> os level = 64
> local master = yes
> preferred master = yes
> The MASTER configuration is the same except that the "domain master"
> is set to yes.
> I've understood that the above configuration causes the workstations
> to send their password updates to the MASTER. Am I wrong? If I am, is
> there any way in 2.2.7 to correct this (either so that the
> workstations change their passwords directly with the master, or that
> the slave sends an update message to the master automatically). Or do
> I have to go to 3.0 and LDAP? (which I'd rather not prefer, yet)
IIRC the client should contact the PDC (domain<0x1b>). But can you check
the logs and see if the clients are trying to change it on domain<0x1c>
(any DC)? Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/
-----END PGP SIGNATURE-----
To unsubscribe from this list go to the following URL and read the
More information about the samba