I'm not sure this is true. All my other NT/2k servers seem to periodically
change their pw. I've included a security event log entry showing a server
called DB1 doing this:
020529 06:08:45 Security AuditSuccess Account Management 643 NT
AUTHORITY\SYSTEM DB1 Domain Policy Changed: Domain: Password Policy Domain
ID: DB1 Caller User Name: %{S-1-5-21-1417001333-308236825-839522115} Caller
Domain: DB1$ Caller Logon ID: CRS-DOMAIN Privileges: (0x0,0x3E7)
> -----Original Message-----
> From: Tom.Klopf@mms.gov [mailto:Tom.Klopf@mms.gov]
> Sent: Wednesday, May 29, 2002 1:54 PM
> To: bdrenni@catholicrelief.org
> Subject: RE: [Samba] change_trust_account_password failing
>
>
> Bruce,
> I'm not sure exactly what your whole situation is, but a
> machine account
> password should only be accessed/changed ONCE when the samba server
> initially joins the domain. Afterwards, it is assumed to be
> trusted on the
> domain by virtue of its "SID"/"key"/etc., and it should
> participate on the
> domain until you delete the key (i.e. delete your samba
> installation or the
> file it lives in) or change the netbios name of the server.
> If you need to rejoin a samba server to a domain, the
> machine account
> must FIRST be DELETED from the domain controller, and then
> READDED. The
> reason I emphasize is that some NT administrators have a hard
> time believing
> this, but it is certainly the case.
> Anyway, I don't know why you're getting this error once
> a day, since
> like I said this should happen only once at the initial
> domain joining.
> Make sure that machine it's logging info for is indeed your own samba
> server, and not some other client machine trying to talk to your samba
> server for validation for some reason.
>
>
> Hope that helps :)
>
>
> Thomas Klopf
> MMS - Gulf Region (ACS-GS contractor)
> Phone: 504.736.2444
> Mobile: 504.319.2600
>
>
> -----Original Message-----
> From: drenning, bruce [mailto:bdrenni@catholicrelief.org]
> Sent: Wednesday, May 29, 2002 10:54 AM
> To: 'samba@lists.samba.org'
> Subject: [Samba] change_trust_account_password failing
>
> samba 2.2.4 on RedHat 7.1
>
> everything is working. wbinfo -t reports a good secret. users
> can access
> shares. the samba server shows up in the browser & server manager.
>
> However, this server is not able to change the password on
> it's machine
> account. I log the following errors once a day:
>
> May 29 08:16:33 rhtemp1 smbd[5056]: domain_client_validate:
> unable to
> fetch domain sid.
> May 29 08:16:33 rhtemp1 smbd[5056]: [2002/05/29 08:16:33, 0]
> rpc_client/cli_trust.c:change_trust_account_password(246)
> May 29 08:16:33 rhtemp1 smbd[5056]: 2002/05/29 08:16:33 :
> change_trust_account_password: Failed to change password for domain
> CRS-DOMAIN.
>
> anyone know how to fix this?
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>