Hello! We have a school environment with Debian servers and Win2K clients. There are about 700 clients and 30 servers. There is piece of hardware installed on all clients the resets the changes made to the local disk at reboot. This seems to be a problem with Win2K changing machine account passwords every 30 days (according to MSDN). The server saves the password, the client resets it and domain logon is impossible ever after. Now I want to disable this password changing. It is possible with a Windows PDC using group policy (at least that's what Windows Admins told me). I found for Samba it's hardcoded in the sources. Would it be possible to make that an option for smb.conf? I'm not a C programming professional so I'm afraid of hacking the Samba source (especially with no similiar examples in the sources). Is there someone working on that kind of thing or are there any implications I do not know about? Thanks in advance, Florian -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le mercredi 10 Mars 2004 16:39, Florian Thiel a ?crit :> Hello!Hello ... i think i've the same problem ....> > We have a school environment with Debian servers and Win2K clients. > There are about 700 clients and 30 servers. There is piece of hardware > installed on all clients the resets the changes made to the local disk > at reboot.we are working with disk image ..but the problem is the same !> > This seems to be a problem with Win2K changing machine account passwords > every 30 days (according to MSDN). The server saves the password, the > client resets it and domain logon is impossible ever after.can you give me the URL reference where you see it ! i'm interested on the subject !> > Now I want to disable this password changing. It is possible with a > Windows PDC using group policy (at least that's what Windows Admins told > me). I found for Samba it's hardcoded in the sources. Would it be > possible to make that an option for smb.conf? I'm not a C programming > professional so I'm afraid of hacking the Samba source (especially with no > similiar examples in the sources). > > Is there someone working on that kind of thing or are there any > implications I do not know about?Can you give me the location on the source where you see that mayby i've two solution ... 1) juste backup the old passwd on your samba server en reinject it every night 2) a more clean ways to do :P : use gpedit.msc on your win2k workstation ( mmc componant) go to "windows parameter" "security setting" "local policies" "security options" and enable " prevent system maintenance of computer account password " ..... not sur of the result ... but you can try ;)> > Thanks in advance, > Florian > -- > Florian Thiel - Medienzentrum Kassel > Systembetreuung Internet- und Kommunikationstechnik > Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de- -- Matthieu Le Corre ------------------------------ CIE -- UFR sciences Universit? de Nantes 02-51-12-58-65 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAT0vDHj6Gj+ly9W4RAhjvAKDpvk2ygntMitwmbAvKcE7NtRGE7QCfahSG MwlbQ+Wrue8E5KXaa36y0xs=XKFR -----END PGP SIGNATURE-----
Gerald (Jerry) Carter schrieb:> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Florian Thiel wrote: > > | Ooops, my fault. I only read the last line and thought > | you meant setting the clients is the best way to get rid > | of the whole problem. In fact you spoke of testing. Sure! > | Shame on me.... > > no problem. Let me know kif it works though. Would be > good to know whether I should look at the including the > patch in the main tree or just as a side item.In Samba2 it does not compile. Compiler output: ------- Compiling rpc_server/srv_netlog_nt.c Compiling rpc_server/srv_pipe_hnd.c Compiling rpc_server/srv_reg.c Compiling rpc_server/srv_reg_nt.c rpc_server/srv_reg_nt.c: In function `_reg_info': rpc_server/srv_reg_nt.c:143: `regvals' undeclared (first use in this function) rpc_server/srv_reg_nt.c:143: (Each undeclared identifier is reported only once rpc_server/srv_reg_nt.c:143: for each function it appears in.) rpc_server/srv_reg_nt.c:145: `val' undeclared (first use in this function) make: *** [rpc_server/srv_reg_nt.o] Error 1 ------- Code after patching: "source/rpc_server/srv_reg_nt.c" ----------------------- if (!uni_key || !buf) return NT_STATUS_NO_MEMORY; if ( strequal(name, "RefusePasswordChange") ) { uint32 dwValue = 0x1; regval_ctr_addvalue(®vals, "RefusePasswordChange", REG_DWORD, (const char*)&dwValue, sizeof(dwValue)); val = dup_registry_value( regval_ctr_specific_value( ®vals, 0 ) ); status = NT_STATUS_OK; goto out; } ----------------------- Does that help? -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de