[Samba] sambaRefuseMachinePwdChange policy in samba 3.0.28 (PLEASE ANSWER)

LiPi - lipixx at gmail.com
Thu Mar 26 10:01:20 GMT 2009


I think that the sambaRefuseMachinePwdChange refers to the Machine
Account password instead of Client Machine passwords:

Spanish:
http://support.microsoft.com/kb/154501
English:
http://support.microsoft.com/?scid=kb%3Ben-us%3B154501&x=6&y=6

The process is approximately like this:
1) A machine account is created - (verified it's a machine account
because of the appended "$")
2) A password is set on the machine account
3) The domain join is tested doing a netlogon with the newly created account
4) The password is stored in the secret database.

So, the client or user password is not the same as the machine password.

I think...

---


2009/3/26 Frank <frank at si.ct.upc.edu>:
> Hi, well, I've been caught.
> Indeed, I'm from the IT services at the Terrassa campus.
> Are you at one of the computing centres? If you can try it and tell us how
> it goes, you'd be doing us a favor.
> Thanks.
>
> Frank
>
> LiPi - wrote:
>
> I will try it tomorrow with my ldap.
>
> Frank, are you from the UPC? I'm there too, I suppose you'll understand
> me this way, from the Terrassa campus I see. :p
>
> 2009/3/25 Frank <frank at si.ct.upc.edu>:
>
>
> Thanks for your answer Eric,
>
> can someone else, those excellent gurus of Samba, give us an answer?
> Thanks.
>
> Frank
>
> Eric Roseme wrote:
>
>
> Frank wrote:
>
>
> Hi,
> we have a couple of Linux RHEL 5 samba servers in a domain, one as PDC
> and the other as BDC, and both with LDAP backends
> samba version is 3.0.28-1
> We want PC clients not to be able to change their machine password using
> the sambaRefuseMachinePwdChange policy, so we set it to 1 in LDAP.
> But PC clients can still change their passwords, and we don't see any
> access to the sambaRefuseMachinePwdChange attribute in the LDAP logs.
> Is it not used in this version yet? Must we do something special to use
> it?
>
>
>
> I saw the same thing in August of 2007:
>
> http://marc.info/?l=samba&m=118772246625319&w=2
>
> Which was never replied to.
>
> Eric Roseme
>