Steffen Prohaska
2003-Aug-08 16:30 UTC
[Samba] smbpasswd -m, changing account to a machine account.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I had a problem with smbpasswd -m The man pages says: -m This option tells smbpasswd that the account being changed is a MACHINE account. Currently this is used when Samba is being used as an NT Primary Domain Controller. This option is only available when running smb- passwd as root. Before samba-2.2.8a the behaviour was as expected. If I ran 'smbpasswd -m -a machine$' on an existing account the account was reset and could be used as a machine account. In samba-2.2.8a and in the current 2_2 branch in the cvs the behaviour is different. The account will not be changed into a machine account but stays as it was before, a user account. This is a little bit confusing because trying to add a machine to the domain failes with "Specified user already exists". I appended a patch which could solve the problem. It changes passdb.c to assure that local_password_change always honors the LOCAL_TRUST_ACCOUNT flag. The current cvs only uses it when adding an account. It's not a bug but an annoying behaviour. But why do you want such stupid things? Changing a user account to a machine account doesn't make sense to me? Well we use it to create a dummy account in our ldap tree to keep all the machines separated from the users. smbpasswd is used afterwards to setup the already existing account. It might not be the most straight forward way. But for historical reasons it grew like this. In any case I'd expect the -m flag to work always, not only during creation of a new account. Regards, Steffen Prohaska - --- source/passdb/passdb.c Wed Mar 5 00:35:51 2003 +++ /Users/bzfproha/passdb-my.c Fri Aug 8 18:11:19 2003 @@ -1001,6 +1001,13 @@ } } + /* Assure that the workstation trust account flag is properly updated. + */ + if (local_flags & LOCAL_TRUST_ACCOUNT) { + pdb_set_acct_ctrl(sam_pass,(pdb_get_acct_ctrl(sam_pass)|ACB_WSTRUST)&(~A CB_NORMAL)); + } else { + pdb_set_acct_ctrl(sam_pass,(pdb_get_acct_ctrl(sam_pass)|ACB_NORMAL)&(~AC B_WSTRUST)); + } if(!pdb_update_sam_account(sam_pass, True)) { slprintf(err_str, err_str_len-1, "Failed to modify entry for user %s.\n", user_name); pdb_free_sam(sam_pass); - ---------------------------------------------------------------------- Zuse Institute Berlin, Takustrasse 7 D-14195 Berlin-Dahlem, Germany phone: +49 (30) 841 85-337, fax: +49 (30) 841 85-107 email: prohaska@zib.de, web: http://www.zib.de - ---------------------------------------------------------------------- PGP Public Key: http://www.zib.de/prohaska/prohaska.pgp Key id: 0xDA749299 Key fingerprint: 8B59 83A8 A43D E0E2 DEDB D479 3157 2FEA DA74 9299 - ---------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (Darwin) iD8DBQE/M9A5MVcv6tp0kpkRAl0JAJ9/+CNL1e77WQlfnww0OYksBuoNUwCfUvKo IjV98/qdNfKE4UwVy5yAHYk=EdWP -----END PGP SIGNATURE-----