On Fri, Mar 28, 2003 at 11:50:34PM +1100, Andrew Bartlett wrote: >>>>> "Andrew" == Andrew Bartlett <[EMAIL PROTECTED]> writes:
Andrew> If you run 'smbpasswd -t' it should do it on demand. Eric> That doesn't seem to work Andrew> I didn't say it would work, just that it would be easier Andrew> to debug :-) True enough :-( Eric> Doesn't this present a potential security issue if the machine Eric> password never changes? Andrew> Small - basically if the 'bad guy' can figure out the Andrew> password by cryptographic or network brute force before Andrew> you change it, yes. If he is listening on the connection Andrew> always anyway, then they will observe the password change. Andrew> In short - keep it secret, and it's not too bad. >> [2003/03/27 15:33:15, 5, pid=25400] lib/util.c:(291) smb_bcc=0 >> [2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(518) >> write_socket(10,39) [2003/03/27 15:33:15, 6, pid=25400] >> lib/util_sock.c:(521) write_socket(10,39) wrote 39 [2003/03/27 >> 15:34:15, 3, pid=25400] smbd/sec_ctx.c:(329) setting sec ctx >> (0, 0) - sec_ctx_stack_ndx = 0 [2003/03/27 15:34:15, 5, >> pid=25400] smbd/uid.c:(217) change_to_root_user: now uid=(0,0) >> gid=(0,0) [2003/03/27 15:34:15, 10, pid=25400] >> smbd/process.c:(1137) timeout_processing: checking to see if >> machine account password need changing. [2003/03/27 15:34:15, >> 10, pid=25400] smbd/process.c:(1167) timeout_processing: >> machine account password last change time = (1046645657) Sun, >> 02 Mar 2003 17:54:17 EST. [2003/03/27 15:34:15, 0, pid=25400] >> rpc_client/cli_trust.c:(46) domain_client_validate: unable to >> fetch domain sid. Andrew> This certainly looks like an issue. Andrew> Have you tried rejoining the domain? No, I was hoping to avoid that as I don't control the domain and don't have domain admin rights. I have to open a ticket and have the machine account refreshed or deleted/recreated -- that can take time. I have several servers I have to upgrade and rejoining the domain would complicate the process and make it take longer. I don't believe it was necessary to rejoin for 2.2.5. However, if you think that rejoining the domain is the next logical step in debugging this, I'll give it a try. Would it be best to have the account refreshed or deleted/recreated? Alternatively, would it be better to try earlier 2.2.x versions and use smbpasswd -t in an attempt to find out which version broke it? -- Eric M. Boehm /"\ ASCII Ribbon Campaign [EMAIL PROTECTED] \ / No HTML or RTF in mail X No proprietary word-processing Respect Open Standards / \ files in mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba