[Samba] RE: How to verify the domain secret is good or bad?
By default machine account passwords are changed ever 7 days in MS world. you can change this via the machine password timeout smb.conf parameter. Hope this helps, Don -Original Message- From: Joey Collins [mailto:[EMAIL PROTECTED] Sent: Sunday, March 30, 2003 20:10 To: Gerald (Jerry) Carter Cc: Chere Zhou; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: How to verify the domain secret is good or bad? Gerald (Jerry) Carter wrote: [snip] Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. Samba periodially changes the password on the server. secrets.tdb should be in sync with this. Hi, Why does Samba do this? Does the secret expire after a certain period of time or is this done as a safety precaution? thanks, Joey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 30 Mar 2003, Joey Collins wrote: Why does Samba do this? Does the secret expire after a certain period of time or is this done as a safety precaution? See the machine password timeout smb.cinf(5) parameter. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+h7VnIR7qMdg1EfYRApCMAJ9kTmBqb4ILG8iFcu3FQmWSRf18IQCfeIob y9fw2uvjAFoAbRf33myoaFY= =grx5 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
Gerald (Jerry) Carter wrote: [snip] Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. Samba periodially changes the password on the server. secrets.tdb should be in sync with this. Hi, Why does Samba do this? Does the secret expire after a certain period of time or is this done as a safety precaution? thanks, Joey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 11 Mar 2003, Chere Zhou wrote: I know there is the command wbinfo -t. But when it says that could not check secret, how do I know it's the secret is bad, or something else wrong, like winbind went crazy maybe? winbindd has to be running to check the secret. Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. Samba periodially changes the password on the server. secrets.tdb should be in sync with this. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+b27kIR7qMdg1EfYRAjFkAJ9OwmyQjfz2wiHL8/WoWPfZhd+w0wCZAYJn 03pUnG6Vd0Nv8u0abJLmm14= =Did/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
- Original Message - From: Chere Zhou [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 3:40 PM Subject: How to verify the domain secret is good or bad? I know there is the command wbinfo -t. But when it says that could not check secret, how do I know it's the secret is bad, or something else wrong, like winbind went crazy maybe? Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. So my question is, in what condition that the secret can go bad? How do I check it? The pdc-secret thing is something I don't completely understand, but I *do* know that secret-testing is done loosely over the network. A bad secret does not mean conclusively that the secret is bad... it means that the test was not successful. So you can get secret is bad if for example the network is congested, etc. and the compare did not occur in time. Sometimes I've joined a domain and still got this error. If I wait 60 seconds are re-run wbinfo -t, I get a 'secret is good'. Also, I believe the secret can go bad if you change hostname or some other info. I'm not entirely sure what all the possible failures are. -Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
On Tuesday 11 March 2003 01:23 pm, Scott Prive wrote: - Original Message - From: Chere Zhou [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 3:40 PM Subject: How to verify the domain secret is good or bad? I know there is the command wbinfo -t. But when it says that could not check secret, how do I know it's the secret is bad, or something else wrong, like winbind went crazy maybe? Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. So my question is, in what condition that the secret can go bad? How do I check it? The pdc-secret thing is something I don't completely understand, but I *do* know that secret-testing is done loosely over the network. A bad secret does not mean conclusively that the secret is bad... it means that the test was not successful. So you can get secret is bad if for example the network is congested, etc. and the compare did not occur in time. Sometimes I've joined a domain and still got this error. If I wait 60 seconds are re-run wbinfo -t, I get a 'secret is good'. Also, I believe the secret can go bad if you change hostname or some other info. I'm not entirely sure what all the possible failures are. -Scott So, if I do not do anything like change hostname, ip or anything like that, my secret should potentially always be good? That's good to know. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to verify the domain secret is good or bad?
- Original Message - From: Chere Zhou [EMAIL PROTECTED] To: Scott Prive [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 4:49 PM Subject: Re: How to verify the domain secret is good or bad? On Tuesday 11 March 2003 01:23 pm, Scott Prive wrote: - Original Message - From: Chere Zhou [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, March 11, 2003 3:40 PM Subject: How to verify the domain secret is good or bad? I know there is the command wbinfo -t. But when it says that could not check secret, how do I know it's the secret is bad, or something else wrong, like winbind went crazy maybe? Also, sometimes I saw problems like wbinfo -t just says secret is bad, when all the daemons were running. It sure was good at some point before. So my question is, in what condition that the secret can go bad? How do I check it? The pdc-secret thing is something I don't completely understand, but I *do* know that secret-testing is done loosely over the network. A bad secret does not mean conclusively that the secret is bad... it means that the test was not successful. So you can get secret is bad if for example the network is congested, etc. and the compare did not occur in time. Sometimes I've joined a domain and still got this error. If I wait 60 seconds are re-run wbinfo -t, I get a 'secret is good'. Also, I believe the secret can go bad if you change hostname or some other info. I'm not entirely sure what all the possible failures are. -Scott So, if I do not do anything like change hostname, ip or anything like that, my secret should potentially always be good? That's good to know. I'm not sure about a lot of things, so don't make any bets on my advice OK? :-) always? For the short term, I believe that is true... a working secret stays valid so long as you don't change things. I do not know exactly know what all the possible triggers are for invalidating your secret. Secrets may have an expiration date (so you can't say 'always'), but if there is a use-by date, I do not know what it is. Someone else might. -Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
