Hi Aaron,
we've just identified this problem and thought you may be interested if you
haven't resolved
this already. The bind is failing because the admin account being used to join the
domain is a
member of too many groups (waiting to hear from M$ what constitutes too many) and as a
result the
Kerberos TGT is too large and the kpasswd service on the M$ DC just ignores the change
password
request. To work around this created an admin account with minimal group membership
and use this
to bind Samba boxes to AD.
Of course you may have a different issue with M$ ;-)
cheers Andy.
Thanks all. At least now I know it's not just me. I'll be watching
bugzilla with interest, and in the meantime I suppose standard Kerb will
have to do.
Aaron Grewell
Network Administrator
University of Washington Bothell
This e-mail (and any attachments) is confidential and may contain personal views which
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
