[Samba] machine password changed in secrets.tdb

Fri Jun 18 02:49:12 MDT 2010

Hi,
    I see my machine password change in secrets.tdb. I am not sure who 
initiated it.
But can this happen automatically after "7 days" as mentioned in 
following link
initiated by someone else (PDC), other than smbd/winbindd?

http://www.windowsnetworking.com/nt/registry/rtips295.shtml

   I am confused who changed it, but it got changed after 7 days. Can PDC
ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
But I see logs from winbindd that initiated the change after 7 days, but got
permission denied. Will the "denied message" cause the change to be 
persistent
in secrets.tdb? I am unsure of this, too:

2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611,  
0] rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
2010 Jun 14 18:34:00 xyz winbindd[31473]:   
rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED

Here is krb5.conf:

# cat /etc/krb5.conf
[libdefaults]
     default_realm = XYZ.COM

[realms]
XYZ.COM = {
         kdc = xyz_ad
         admin_server = xyz_ad
         kpasswd_server = xyz_ad
         default_domain = XYZ.COM
}

[domain_realm]
     .kerberos.server = XYZ.COM

[logging]
     default = SYSLOG:NOTICE:DAEMON
     kdc = FILE:/var/log/kdc.log
     kadmind = FILE:/var/log/kadmind.log

[appdefaults]
     pam = {
         ticket_lifetime = 3d
         renew_lifetime = 7d
         forwardable = true
         proxiable = false
         retain_after_close = false
         minimum_uid = 0
         debug = false
     }

Thanks,
Rajesh