I tested this further and its initiated by
"machine password timeout" option in
smb.conf which is 7 days default.
Brajesh Shrivastava wrote:
Any reply to this mail?
On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghane...@symantec.com
<mailto:rajesh_ghane...@symantec.com>> wrote:
Hi,
I see my machine password change in secrets.tdb. I am not sure
who initiated it.
But can this happen automatically after "7 days" as mentioned in
following link
initiated by someone else (PDC), other than smbd/winbindd?
http://www.windowsnetworking.com/nt/registry/rtips295.shtml
I am confused who changed it, but it got changed after 7 days.
Can PDC
ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd?
But I see logs from winbindd that initiated the change after 7
days, but got
permission denied. Will the "denied message" cause the change to
be persistent
in secrets.tdb? I am unsure of this, too:
2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14
18:34:00.040611, 0]
rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password)
2010 Jun 14 18:34:00 xyz winbindd[31473]:
rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED
Here is krb5.conf:
# cat /etc/krb5.conf
[libdefaults]
default_realm = XYZ.COM <http://XYZ.COM>
[realms]
XYZ.COM <http://XYZ.COM> = {
kdc = xyz_ad
admin_server = xyz_ad
kpasswd_server = xyz_ad
default_domain = XYZ.COM <http://XYZ.COM>
}
[domain_realm]
.kerberos.server = XYZ.COM <http://XYZ.COM>
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 3d
renew_lifetime = 7d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Thanks,
Rajesh
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
