On 03-03-2024 16:12, Marco Gaiarin via samba wrote:> Mandi! Kees van Vloten via samba > In chel di` si favelave... > >> There is "net changetrustpw" to do this. > I've correctly just joined the firewall to the domain, i can check join > status: > > root at vfwacpn1:~# net ads testjoin > Join is OK > > but if i try to renew credentials i catch: > > root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 > Changing password for principal: vfwacpn1$@AD.MYDOMAIN.IT > Password change failed: No more connections can be made to this remote computer at this time because the computer has already accepted the maximum number of connections. > > Thanks. >Interesting, I tried running it with -d 10, it shows a lot of output. But around the no more connections error, it show just that and no more information. Another thing I tried was "systemctl stop winbind" and then the "net changetrustpw", but even then the same error occurs. And I checked the machine's ldap record "pwdLastSet" attribute. Indeed it shows that the password has not changed. Is anybody aware of how to make this work? Or is this a bug? Now I am wondering about the upcoming 4.20 release, it has the ability to change service-account passwords if I am not mistaken. Would it also manage machine-account passwords? Does anybody know? - Kees.
Mandi! Kees van Vloten via samba In chel di` si favelave...> Interesting, I tried running it with -d 10, it shows a lot of output.The same. My output is a bit more complex, i think because the joined machine is a firewall, that have no whatsoever info about the domain, so i have tons of error relatives to dns record missing. But, as just stated, join with: net ads join -I 10.172.1.8 -U gaio worked as expected, a simple 'net ads testjoin' work (with the same DNS errors, of course).> Another thing I tried was "systemctl stop winbind" and then the "net > changetrustpw", but even then the same error occurs.I've not winbind running in joined machine.> And I checked the machine's ldap record "pwdLastSet" attribute. Indeed > it shows that the password has not changed.I've not specified it, but, clearly, yes. -- Di questa cavolo di pianura, di questa gente senza misura, che gia` confonde la notte e il giorno, e la partenza con il ritorno, e la richezza con i rumore, ed il diritto con il favore (F. De Gregori)