[Samba] machine password changed in secrets.tdb

Rajesh Ghanekar Rajesh_Ghanekar at symantec.com
Wed Jun 23 18:35:17 MDT 2010


I tested this further and it's initiated by the
"machine password timeout" option in
smb.conf, which is 7 days by default.

Brajesh Shrivastava wrote:
> Any reply to this mail?
>
>
> On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghanekar at symantec.com> wrote:
>
>     Hi,
>       I see my machine password change in secrets.tdb. I am not sure
>     who initiated it.
>     But can this happen automatically after "7 days" as mentioned in
>     following link
>     initiated by someone else (PDC), other than smbd/winbindd?
>
>     http://www.windowsnetworking.com/nt/registry/rtips295.shtml
>
>      I am confused who changed it, but it got changed after 7 days.
>     Can PDC
>     ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
>     But I see logs from winbindd that initiated the change after 7
>     days, but got
>     permission denied. Will the "denied message" cause the change to
>     be persistent
>     in secrets.tdb? I am unsure of this, too:
>
>     2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14
>     18:34:00.040611,  0]
>     rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
>     2010 Jun 14 18:34:00 xyz winbindd[31473]:  
>     rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED
>
>
>     Here is krb5.conf:
>
>     # cat /etc/krb5.conf
>     [libdefaults]
>        default_realm = XYZ.COM
>
>     [realms]
>     XYZ.COM = {
>            kdc = xyz_ad
>            admin_server = xyz_ad
>            kpasswd_server = xyz_ad
>            default_domain = XYZ.COM
>     }
>
>     [domain_realm]
>        .kerberos.server = XYZ.COM
>
>     [logging]
>        default = SYSLOG:NOTICE:DAEMON
>        kdc = FILE:/var/log/kdc.log
>        kadmind = FILE:/var/log/kadmind.log
>
>     [appdefaults]
>        pam = {
>            ticket_lifetime = 3d
>            renew_lifetime = 7d
>            forwardable = true
>            proxiable = false
>            retain_after_close = false
>            minimum_uid = 0
>            debug = false
>        }
>
>     Thanks,
>     Rajesh
>
>
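
To find this failure in syslog, the following added example (not part of the original messages and not Samba code) pairs each winbindd debug header with the message line that follows it and reports failed machine password changes. The sample input is the log excerpt quoted above with the mail wrapping undone, plus one constructed unrelated entry; the function and variable names are this example's own.

```python
import re
from datetime import datetime

# Samba debug header after the syslog prefix, e.g.
# "winbindd[31473]: [2010/06/14 18:34:00.040611,  0] file.c:563(function)"
HEADER = re.compile(
    r"winbindd\[(?P<pid>\d+)\]:\s+\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)"
    r"(?:\.\d+)?,\s*\d+\]\s+\S+?\((?P<func>\w+)\)")
# The message line logged by the same process right after its header.
MESSAGE = re.compile(
    r"winbindd\[(?P<pid>\d+)\]:\s+(?P<call>\w+) failed: (?P<status>NT_STATUS_\w+)")

SAMPLE = [
    # From the quoted log, unwrapped.
    "2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611,  0] "
    "rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)",
    "2010 Jun 14 18:34:00 xyz winbindd[31473]:   "
    "rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED",
    # Constructed, unrelated entry that must not be reported.
    "2010 Jun 14 18:35:10 xyz winbindd[31480]: [2010/06/14 18:35:10.000000,  1] "
    "example/other.c:10(example_other_function)",
    "2010 Jun 14 18:35:10 xyz winbindd[31480]:   "
    "example_call failed: NT_STATUS_IO_TIMEOUT",
]

def failed_trust_password_changes(lines):
    """Return one record per failed machine (trust) password change."""
    pending = {}  # pid -> header match still waiting for its message line
    hits = []
    for line in lines:
        header = HEADER.search(line)
        if header:
            pending[header["pid"]] = header
            continue
        message = MESSAGE.search(line)
        if not message:
            continue
        header = pending.pop(message["pid"], None)
        if header and header["func"] == "rpccli_netlogon_set_trust_password":
            hits.append({
                "when": datetime.strptime(header["ts"], "%Y/%m/%d %H:%M:%S"),
                "pid": header["pid"],
                "call": message["call"],
                "status": message["status"],
            })
    return hits

if __name__ == "__main__":
    for hit in failed_trust_password_changes(SAMPLE):
        print(hit["when"].isoformat(), hit["call"], hit["status"])
```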


