Mikko Kortelainen
2003-Jan-21 09:34 UTC
VS: [Samba] Samba BDCs and machine trust account passwords
> IIRC the client should contact the PDC (domain<0x1b>). But can you > check the logs and see if the clients are trying to change it on > domain<0x1c> (any DC)? Thanks.Can you give me any hints on how to find such information in the log files? My log level is 5, and I can find some password change messages in the logs, but I don't know how to check if they are looking for any domain controller or just the PDC when they wish to change their passwords... Anyhow, I do find "Server Password Set Wksta:[XXX$]" type of messages in the log files of all of the servers, both the master and the slaves. So could this be indicating that the machines are actually communicating with the wrong server to change their passwords..? Can this be corrected with "security = server"? (Will it relay the password change to the server specified with "password server = ..."?) -- Mikko Kortelainen mikko.kortelainen@hut.fi -----Alkuper?inen viesti----- L?hett?j?: samba-admin@lists.samba.org [mailto:samba-admin@lists.samba.org] Puolesta Gerald (Jerry) Carter L?hetetty: 17. tammikuuta 2003 18:06 Vastaanottaja: Mikko Kortelainen Kopio: Andrew Bartlett; samba@lists.samba.org Aihe: Re: [Samba] Samba BDCs and machine trust account passwords -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, 16 Jan 2003, Mikko Kortelainen wrote:> Here's (what I think is) the essential part from my SLAVE smb.conf: > > security = user > domain logons = yes > domain master = no > os level = 64 > local master = yes > preferred master = yes > > The MASTER configuration is the same except that the "domain master" > is set to yes. > > I've understood that the above configuration causes the workstations > to send their password updates to the MASTER. Am I wrong? If I am, is > there any way in 2.2.7 to correct this (either so that the > workstations change their passwords directly with the master, or that > the slave sends an update message to the master automatically). Or do > I have to go to 3.0 and LDAP? (which I'd rather not prefer, yet)IIRC the client should contact the PDC (domain<0x1b>). But can you check the logs and see if the clients are trying to change it on domain<0x1c> (any DC)? Thanks. jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+KCnMIR7qMdg1EfYRAqLgAJ9+pzlIMUa2DDvkmSvhjtXu8G3YAwCgqBju QdXB2xcEpWxTkiRujLsaGao=eQ/v -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba