[Samba] machine password changed in secrets.tdb

Rajesh Ghanekar rajesh_ghanekar at symantec.com
Fri Jun 18 02:49:12 MDT 2010

    I see my machine password change in secrets.tdb. I am not sure who 
initiated it.
But can this happen automatically after "7 days" as mentioned in 
following link
initiated by someone else (PDC), other than smbd/winbindd?


   I am confused who changed it, but it got changed after 7 days. Can PDC
ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
But I see logs from winbindd that initiated the change after 7 days, but got
permission denied. Will the "denied message" cause the change to be 
in secrets.tdb? I am unsure of this, too:

2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611,  
0] rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
2010 Jun 14 18:34:00 xyz winbindd[31473]:   
rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED

Here is krb5.conf:

# cat /etc/krb5.conf
     default_realm = XYZ.COM

         kdc = xyz_ad
         admin_server = xyz_ad
         kpasswd_server = xyz_ad
         default_domain = XYZ.COM

     .kerberos.server = XYZ.COM

     kdc = FILE:/var/log/kdc.log
     kadmind = FILE:/var/log/kadmind.log

     pam = {
         ticket_lifetime = 3d
         renew_lifetime = 7d
         forwardable = true
         proxiable = false
         retain_after_close = false
         minimum_uid = 0
         debug = false


More information about the samba mailing list