machine password changed in secrets.tdb
in [Samba]
|
Prev: Persistent connections to Samba in Windows
Next: Samba Transfer Efficiency (undocumented perf hint for Win7 gives 10X write speeds)
From: Brajesh Shrivastava on 20 Jun 2010 10:50 Any reply to this mail? On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghanekar(a)symantec.com> wrote: > Hi, > I see my machine password change in secrets.tdb. I am not sure who > initiated it. > But can this happen automatically after "7 days" as mentioned in following > link > initiated by someone else (PDC), other than smbd/winbindd? > > http://www.windowsnetworking.com/nt/registry/rtips295.shtml > > I am confused who changed it, but it got changed after 7 days. Can PDC > ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd? > But I see logs from winbindd that initiated the change after 7 days, but > got > permission denied. Will the "denied message" cause the change to be > persistent > in secrets.tdb? I am unsure of this, too: > > 2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 18:34:00.040611, 0] > rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password) > 2010 Jun 14 18:34:00 xyz winbindd[31473]: rpccli_netr_ServerPasswordSet2 > failed: NT_STATUS_ACCESS_DENIED > > > Here is krb5.conf: > > # cat /etc/krb5.conf > [libdefaults] > default_realm = XYZ.COM > > [realms] > XYZ.COM = { > kdc = xyz_ad > admin_server = xyz_ad > kpasswd_server = xyz_ad > default_domain = XYZ.COM > } > > [domain_realm] > .kerberos.server = XYZ.COM > > [logging] > default = SYSLOG:NOTICE:DAEMON > kdc = FILE:/var/log/kdc.log > kadmind = FILE:/var/log/kadmind.log > > [appdefaults] > pam = { > ticket_lifetime = 3d > renew_lifetime = 7d > forwardable = true > proxiable = false > retain_after_close = false > minimum_uid = 0 > debug = false > } > > Thanks, > Rajesh > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Rajesh Ghanekar on 24 Jun 2010 02:20
I tested this further and its initiated by "machine password timeout" option in smb.conf which is 7 days default. Brajesh Shrivastava wrote: > Any reply to this mail? > > > On 18 June 2010 14:19, Rajesh Ghanekar <rajesh_ghanekar(a)symantec.com > <mailto:rajesh_ghanekar(a)symantec.com>> wrote: > > Hi, > I see my machine password change in secrets.tdb. I am not sure > who initiated it. > But can this happen automatically after "7 days" as mentioned in > following link > initiated by someone else (PDC), other than smbd/winbindd? > > http://www.windowsnetworking.com/nt/registry/rtips295.shtml > > I am confused who changed it, but it got changed after 7 days. > Can PDC > ask smbd/winbindd to change this? Or it is initiated by smbd/winbindd? > But I see logs from winbindd that initiated the change after 7 > days, but got > permission denied. Will the "denied message" cause the change to > be persistent > in secrets.tdb? I am unsure of this, too: > > 2010 Jun 14 18:34:00 xyz winbindd[31473]: [2010/06/14 > 18:34:00.040611, 0] > rpc_client/cli_netlogon.c:563(rpccli_netlogon_set_trust_password) > 2010 Jun 14 18:34:00 xyz winbindd[31473]: > rpccli_netr_ServerPasswordSet2 failed: NT_STATUS_ACCESS_DENIED > > > Here is krb5.conf: > > # cat /etc/krb5.conf > [libdefaults] > default_realm = XYZ.COM <http://XYZ.COM> > > [realms] > XYZ.COM <http://XYZ.COM> = { > kdc = xyz_ad > admin_server = xyz_ad > kpasswd_server = xyz_ad > default_domain = XYZ.COM <http://XYZ.COM> > } > > [domain_realm] > .kerberos.server = XYZ.COM <http://XYZ.COM> > > [logging] > default = SYSLOG:NOTICE:DAEMON > kdc = FILE:/var/log/kdc.log > kadmind = FILE:/var/log/kadmind.log > > [appdefaults] > pam = { > ticket_lifetime = 3d > renew_lifetime = 7d > forwardable = true > proxiable = false > retain_after_close = false > minimum_uid = 0 > debug = false > } > > Thanks, > Rajesh > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |