Hi Aaron,
we've just identified this problem and thought you may be interested if you
haven't resolved
this already. The bind is failing because the admin account being used to join
the domain is a
member of too many groups (waiting to hear from M$ what constitutes too many)
and as a result the
Kerberos TGT is too large and the kpasswd service on the M$ DC just ignores the
change password
request. To work around this created an admin account with minimal group
membership and use this
to bind Samba boxes to AD.
Of course you may have a different issue with M$ ;-)
cheers Andy.
Thanks all. At least now I know it's not just me. I'll be watching
bugzilla with interest, and in the meantime I suppose standard Kerb will
have to do.
Aaron Grewell
Network Administrator
University of Washington Bothell
This e-mail (and any attachments) is confidential and may contain personal views
which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use,
copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC
monitors e-mails sent or received.
Further communication will signify your consent to this.
