[Samba] Changing the domain admin password

Steve Thompson smt at vgersoft.com
Thu Apr 29 15:37:38 MDT 2010

On Tue, 6 Apr 2010, Steve Thompson wrote:

> Samba 3.x.y (various) on CentOS 5.4 x86_64 with the ldapsam backend; one PDC, 
> two BDCs and about a dozen member servers. The configuration file on each of 
> course specifies the "ldap admin dn" and each system has the associated 
> password specified with "smbpasswd -w". Question is: how often is the ldap 
> admin actually used for anything, such that if I change the real password 
> associated with the account, how much grace do I get before I have to run 
> "smbpasswd -w" on each member server, all without restarting smb?

No-one responded to this, so I did a little experiment. I changed the 
password in the LDAP database for the account corresponding to ldap admin 
dn, and then changed the password in secrets.tdb on all my Linux member 
servers (+PDC+BDC) using "smbpasswd -w". Immediately (within a minute or 
so) all Windows clients joined to the domain and logged in to a domain 
account hung. Changed the ldap admin dn password back to its former value, 
and all the clients continued from where they were with no apparent ill 
effects. So the question is: if the ldap admin dn password is changed, do 
the clients have to be rejoined to the domain? I'd really like to change 
this password periodically, so I hope that this is not the case. I've been 
unable to find any documentation that touches on this point.

