[Samba] AD admin account being locked by Samba?

[Andrew Sherlock-CF]

Hi all,

I've recently used Samba to add a Red Hat Linux machine to an active
directory domain.

In order to do this I used:
net ads join fully.qualified.domain.name -U my-admin-account

...and then was asked for (and entered) my password...

The Samba share has been working great, as has authentication via Active
Directory!

The only trouble is that I used my own admin account to join the machine
to the domain.
This account has a forced password reset on it, and since I last changed
my password, the account keeps getting locked.

My Active Directory savvy colleagues have used various tools to track
this down to the afore-mentioned Red Hat box.
It appears to be trying to do something with my old password - and thus
locking my account out!

The Samba share continues to work regardless - it's just that I can't
use my admin-level account, which is making life difficult!

We're planning to work around this by creating an admin-level account in
Active Directory specifically for the purposes of joining Linux boxes to
the domain; but I'd like to know what is going on here regardless.

I thought that once you had Kerberos ticket and had joined the domain,
the admin account was finished with?

What might Samba doing with my Active Directory admin account?

Many thanks,
Andy

http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.