[Samba] DC with outdated secrets

Johannes Engel jcnengel at gmail.com
Sun Nov 3 12:37:37 UTC 2019


Dear list,

by mistake some script (msktutil) has updated machine password and keytab
for one of my DCs (samba-4.10.10). While I could restore the keytab
(/var/lib/samba/private/secrets.keytab) using samba-tool domain
exportkeytab, I fail to come up with a way to update the secrets file
(/var/lib/samba/private/secrets.ldb) with a new machine password.
Can you please help me with an idea how to fix this?
Currently I have a lot of these:

[2019/11/03 13:36:15.516141,  1]
../../source4/auth/gensec/gensec_gssapi.c:331(gensec_gssapi_client_creds)
  Wrong username or password: kinit for DC3$@MY.DOMAIN failed
(Preauthentication failed)

and subsequently failing DRS replication.
Thanks a lot!

Best regards
Johannes


More information about the samba mailing list