Mandi! Kees van Vloten via samba In chel di` si favelave...> There is "net changetrustpw" to do this.I've correctly just joined the firewall to the domain, i can check join status: root at vfwacpn1:~# net ads testjoin Join is OK but if i try to renew credentials i catch: root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT Password change failed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections. Thanks. -- Microsoft is to Software as McDonalds is to Cuisine.
On 03-03-2024 16:12, Marco Gaiarin via samba wrote:> Mandi! Kees van Vloten via samba > In chel di` si favelave... > >> There is "net changetrustpw" to do this. > I've correctly just joined the firewall to the domain, i can check join > status: > > root at vfwacpn1:~# net ads testjoin > Join is OK > > but if i try to renew credentials i catch: > > root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 > Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT > Password change failed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections. > > Thanks. >Interesting, I tried running it with -d 10, it shows a lot of output. But around the no more connections error, it show just that and no more information. Another thing I tried was "systemctl stop winbind" and then the "net changetrustpw", but even then the same error occurs. And I checked the machine's ldap record "pwdLastSet" attribute. Indeed it shows that the password has not changed. Is anybody aware of how to make this work? Or is this a bug? Now I am wondering about the upcoming 4.20 release, it has the ability to change service-account passwords if I am not mistaken. Would it also manage machine-account passwords? Does anybody know? - Kees.
On Sun, 3 Mar 2024 16:12:04 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote:> Mandi! Kees van Vloten via samba > In chel di` si favelave... > > > There is "net changetrustpw" to do this. > > I've correctly just joined the firewall to the domain, i can check > join status: > > root at vfwacpn1:~# net ads testjoin > Join is OK > > but if i try to renew credentials i catch: > > root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 > Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT > Password change failed: No more connections can be made to > this remote computer at this time because the computer has already > accepted the maximum number of connections. > > Thanks. >Just a thought and I could be barking up the wrong tree, but it looks like the password change is carried out using kerberos, so perhaps using an ipaddress isn't helping, try with a dns name instead, or even without anything. Rowland