[Samba] machine password changed in secrets.tdb
Rajesh Ghanekar
Rajesh_Ghanekar at symantec.com
Wed Jun 23 18:35:17 MDT 2010
I tested this further and its initiated by
"machine password timeout" option in
smb.conf which is 7 days default.
Brajesh Shrivastava wrote:
> Any reply to this mail?
>
>
> On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghanekar at symantec.com
> <mailto:rajesh_ghanekar at symantec.com>> wrote:
>
> Hi,
> I see my machine password change in secrets.tdb. I am not sure
> who initiated it.
> But can this happen automatically after "7 days" as mentioned in
> following link
> initiated by someone else (PDC), other than smbd/winbindd?
>
> http://www.windowsnetworking.com/nt/registry/rtips295.shtml
>
> I am confused who changed it, but it got changed after 7 days.
> Can PDC
> ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
> But I see logs from winbindd that initiated the change after 7
> days, but got
> permission denied. Will the "denied message" cause the change to
> be persistent
> in secrets.tdb? I am unsure of this, too:
>
> 2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14
> 18:34:00.040611, 0]
> rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
> 2010 Jun 14 18:34:00 xyz winbindd[31473]:
> rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED
>
>
> Here is krb5.conf:
>
> # cat /etc/krb5.conf
> [libdefaults]
> default_realm = XYZ.COM <http://XYZ.COM>
>
> [realms]
> XYZ.COM <http://XYZ.COM> = {
> kdc = xyz_ad
> admin_server = xyz_ad
> kpasswd_server = xyz_ad
> default_domain = XYZ.COM <http://XYZ.COM>
> }
>
> [domain_realm]
> .kerberos.server = XYZ.COM <http://XYZ.COM>
>
> [logging]
> default = SYSLOG:NOTICE:DAEMON
> kdc = FILE:/var/log/kdc.log
> kadmind = FILE:/var/log/kadmind.log
>
> [appdefaults]
> pam = {
> ticket_lifetime = 3d
> renew_lifetime = 7d
> forwardable = true
> proxiable = false
> retain_after_close = false
> minimum_uid = 0
> debug = false
> }
>
> Thanks,
> Rajesh
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list