[Samba] Changing the domain admin password
Steve Thompson
smt at vgersoft.com
Thu Apr 29 15:37:38 MDT 2010
On Tue, 6 Apr 2010, Steve Thompson wrote:
> Samba 3.x.y (various) on CentOS 5.4 x86_64 with the ldapsam backend; one PDC,
> two BDC's and about a dozen member servers. The configuration file on each of
> course specifies the "ldap admin dn" and each system has the associated
> password specified with "smbpasswd -w". Question is: how often is the ldap
> admin actually used for anything, such that if I change the real password
> associated with the account, how much grace do I get before I have the run
> "smbpasswd -w" on each member server, all without restarting smb?
No-one responded to this, so I did a little experiment. I changed the
password in the LDAP database for the account corresponding to ldap admin
dn, and then changed the password in secrets.tdb on all my Linux member
servers (+PDC+BDC) using "smbpasswd -w". Immediately (within a minute or
so) all windows clients joined to the domain and logged in to a domain
account hung. Changed the ldap admin dn password back to its former value,
and all the clients continued from where they were with no apparent ill
effects. So the question is: if the ldap admin dn password is changed, do
the clients have to be rejoined to the domain? I'd really like to change
this password periodically, so I hope that this is not the case. I've been
unable to find any documentation that touches on this point.
Steve
More information about the samba
mailing list