samba - Aug 2020 - password reset using admin keytab on domain member

Hi,

I was wondering if it is possible to use something like

samba-tool user setpassword ... -k yes

on a domain member if one has kerberos tickets for an admin account.
That does not seem to work for me, as the above command appears to try
to write to the database directly...

ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
file /var/lib/samba/private/sam.ldb: No such file or directory

when executed on a domain member instead of on a DC. Thanks for any
insights,

Christian

On 15/08/2020 21:38, Christian via samba wrote:
> Hi,
>
> I was wondering if it is possible to use something like
>
> samba-tool user setpassword ... -k yes
>
> on a domain member if one has kerberos tickets for an admin account.
> That does not seem to work for me, as the above command appears to try
> to write to the database directly...
>
> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
> file /var/lib/samba/private/sam.ldb: No such file or directory
>
> when executed on a domain member instead of on a DC. Thanks for any
> insights,
>
> Christian
>
Add '-H ldap://dc1' where 'dc1' is the hostname of a DC.

Rowland

Hi Rowland,

thanks a lot... I feel silly now... Best,

Christian

Am 16/08/2020 um 09:33 schrieb Rowland penny via samba:
> On 15/08/2020 21:38, Christian via samba wrote:
>> Hi,
>>
>> I was wondering if it is possible to use something like
>>
>> samba-tool user setpassword ... -k yes
>>
>> on a domain member if one has kerberos tickets for an admin account.
>> That does not seem to work for me, as the above command appears to try
>> to write to the database directly...
>>
>> ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could not open
>> file /var/lib/samba/private/sam.ldb: No such file or directory
>>
>> when executed on a domain member instead of on a DC. Thanks for any
>> insights,
>>
>> Christian
>>
> Add '-H ldap://dc1' where 'dc1' is the hostname of a DC.
>
> Rowland
>
>
>