[Samba] Change computer password

Arnaud FLORENT aflorent at iris-tech.fr
Thu Apr 2 14:06:30 UTC 2020


Hi Tobias

the computer password is set when the computer is joined to DC

the computer also change it periodically


this password must be synced between the compter and the DC else user 
can not login to the domain


changing the password with samba-tool, you will have different value on 
the computer and on the DC

so user will not be able to log in anymore



using computer password for radius allow joined computers to connect to 
network before user login.

else computer must wait for user to login to perform radius auth...


but you should not change the password with samba-tool


regards


Le 02/04/2020 à 10:54, Tobias Kirchhofer via samba a écrit :
> Maybe my question was to specific :)
>
> More general: does anybody know something about the „Computer 
> Password“ in Samba? For what is it needed by default?
>
> Thanks,
>
> Tobias
>
> On 31 Mar 2020, at 12:09, Tobias Kirchhofer via samba wrote:
>
>> Hi,
>>
>> we work on authenticating computers via 802.1x with Samba AD as 
>> backend of Radius. Everything looks promising.
>>
>> We ask ourselves if it is a good idea to use the machine account 
>> which are created by joining a computer to the AD.
>>
>> We can change machine account passwords with `samba-tool user 
>> setpassword COMPUTERNAME$` This works, we have SUCCESS with 
>> `eapol_test` on the Radius server.
>>
>> The question is if it is save to set and use the machine account 
>> password. Microsoft says a lot about this password: 
>> https://adsecurity.org/?p=280
>>
>> Does someone has an opinion or/and experience on that?
>>
>
>
-- 
Arnaud FLORENT
IRIS Technologies




More information about the samba mailing list