search for: chgtdcpass

Can you do this against the secrets.keytab in Samba's private/ dir? > You can reset the Samba machine account pw with > ./source4/scripting/devel/chgtdcpass, but: > - it wont be packaged so you will have to build Samba and tell it to > operate against the right paths > - it shouldn't be needed, upgrades shouldn't break this, and > understanding the root cause would be better > > Hello Andrew, May I ask a few questions in...

I have found source4/scripting/devel/chgtdcpass for adding the aes types to machines. I know you have to change the password of normal users. How do you fix this for krbtgt? Can you just change the password? Is there a recommended method? Thank you for any help, Trever -------------- next part -------------- A non-text attachment was scrubbed...

On Tue, 2017-06-20 at 23:35 +0200, Achim Gottinger via samba wrote: > Can you do this against the secrets.keytab in Samba's private/ dir? > > You can reset the Samba machine account pw with > > ./source4/scripting/devel/chgtdcpass, but: > >   - it wont be packaged so you will have to build Samba and tell it > > to > > operate against the right paths > >   - it shouldn't be needed, upgrades shouldn't break this, and > > understanding the root cause would be better > > > > &g...

...upgrade from Debian Jessie to Debian Stretch all my three DCs have lost their machine password. Or something is corrupted in the machine password database. So the DRS stopped working. To try to repair safely the issue I have virtualised the three machines. Here what I have tried : -> the "chgtdcpass" script works well on the DC with all the FSMO rôles. The "samba-tools" commands using machine password works. -> the "chgtdcpass" script work on one DC (it reconnect the DRS) but not on the other... I don't know why. All the kerberos command works or fail depending...

...been trying to upgrade from samba 3 to samba 4.2.1 on Ubuntu 14.4 using the sernet-samba package. the upgrade seems to work fine and the samba4 comes up correctlly, I have also run the following script to get rid of bug https://git.samba.org/?p=samba.git;a=blob_plain;f=source4/scripting/devel/chgtdcpass;h=4f5ea15a80c2862daf170a5657658a8163174f8a;hb=HEAD I am able to resolve some basic dns entry using the host command, and that's good, however any kinit does not work and return kinit mariopio at CCDC.LAN kinit: Cannot contact any KDC for realm 'CCDC.LAN' while getting initial cred...

Dear list, by mistake some script (msktutil) has updated machine password and keytab for one of my DCs (samba-4.10.10). While I could restore the keytab (/var/lib/samba/private/secrets.keytab) using samba-tool domain exportkeytab, I fail to come up with a way to update the secrets file (/var/lib/samba/private/secrets.ldb) with a new machine password. Can you please help me with an idea how to fix

Hi, I have a domain with 3 DCs running 4.11.8. The database itself dates back to Samba3 and has been gradually updates over the years. When I check out a ticket I get the following results from klist -e Ticket cache: FILE:/tmp/krb5cc_0 Default principal: user at OLDDOMAIN Valid starting Expires Service principal 06/12/2020 23:25:04 06/13/2020 09:25:04 krbtgt/ OLDDOMAIN at

Hi i'm actually trying to migrate my samba 3.6 PDC NT-4 domain with openldap as backend to samba4 AD type domain witch bind_dlz so i followed the documentation https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29 the command : samba-tool domain classicupgrade --dbdir=/root/sambe/ --use-xattrs=yes --realm=mydom.local --dns-backend=BIND9_DLZ

...to samba 4.2.1 on Ubuntu 14.4 > using the sernet-samba package. > > the upgrade seems to work fine and the samba4 comes up correctlly, > > I have also run the following script to get rid of bug > > > https://git.samba.org/?p=samba.git;a=blob_plain;f=source4/scripting/devel/chgtdcpass;h=4f5ea15a80c2862daf170a5657658a8163174f8a;hb=HEAD > > > > I am able to resolve some basic dns entry using the host command, and > that's good, however any kinit does not work and return > > kinit mariopio at CCDC.LAN > kinit: Cannot contact any KDC for realm 'CCD...

...21.06.2017 um 00:50 schrieb Andrew Bartlett: > On Tue, 2017-06-20 at 23:35 +0200, Achim Gottinger via samba wrote: >> Can you do this against the secrets.keytab in Samba's private/ dir? >>> You can reset the Samba machine account pw with >>> ./source4/scripting/devel/chgtdcpass, but: >>> - it wont be packaged so you will have to build Samba and tell it >>> to >>> operate against the right paths >>> - it shouldn't be needed, upgrades shouldn't break this, and >>> understanding the root cause would be better >&gt...

On Sun, 2019-11-03 at 16:24 +0100, Johannes Engel via samba wrote: > 2 hours and I am a little further: > Helped myself with Andrew's script in source4/scripts/devel/chgtdcpass > which updated the machine password as well as the keytab. > After a restart samba keeps complaining now that the (outdated) KVNO 6 is > no longer part of the secrets.keytab: > [2019/11/03 16:22:12.319958, 1] > ../../source4/auth/gensec/gensec_gssapi.c:793(gensec_gssapi_update_inte...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The packages are online :-) Am 21.04.15 um 16:53 schrieb L.P.H. van Belle: > thats still the case with the packages but.. 4.2.1 wil build on > jessie fine. ( from source ) Did that today. > > > Gr, > > Louis > > >> -----Oorspronkelijk bericht----- Van: rowlandpenny at googlemail.com >>

Hello Samba team ! I'am in a very delicate situation. After an upgrade to debian Stretch my DRS stopped working. I have three DCs (fichdc, fichds01, fichds02), all Debian Stretch, all with the same problem. Everything seems to be fine except DRS. -> File shares works -> DNS (with bind9 DLZ) works -> "kinit administrator" works -> "kinit -k FICHDC$" works ->

On Tue, 20 Jun 2017 17:54:09 +0200 Prunk Dump via samba <samba at lists.samba.org> wrote: > Hello thanks again for the help ! > > I have analysed samba logs more closely. I'am very worried. I have > three DC (fichdc, fichds01, fichds02) but here I talk just about > fichdc's logs. > How did you upgrade 'jessie' to 'stretch' and why ? Did all the

...to samba 4.2.1 on Ubuntu 14.4 > using the sernet-samba package. > > the upgrade seems to work fine and the samba4 comes up correctlly, > > I have also run the following script to get rid of bug > > > https://git.samba.org/?p=samba.git;a=blob_plain;f=source4/scripting/devel/chgtdcpass;h=4f5ea15a80c2862daf170a5657658a8163174f8a;hb=HEAD > > > > I am able to resolve some basic dns entry using the host command, and > that's good, however any kinit does not work and return > > kinit mariopio at CCDC.LAN > kinit: Cannot contact any KDC for realm 'CCDC...

On 14/07/15 15:46, Trever L. Adams wrote: > I have found source4/scripting/devel/chgtdcpass for adding the aes types > to machines. I know you have to change the password of normal users. > > How do you fix this for krbtgt? Can you just change the password? Is > there a recommended method? > > Thank you for any help, > Trever > > > You could try looking here...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hey, I'm running a Samba4 DC domain and I'd like to change the machine trust password of the current DC. This doesn't seem possible using net ads changetrustpw or net rpc changetrustpw on the DC itself, and I can't seem to find any command in samba-tool to achieve this. Is there any way to change the trust password of the DC? - --

...---- > # kinit -k FICHDC$ > # klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: FICHDC$@NET.LYC-GUILLAUME-FICHET.AC-GRENOBLE.FR Can you do this against the secrets.keytab in Samba's private/ dir? You can reset the Samba machine account pw with ./source4/scripting/devel/chgtdcpass, but: - it wont be packaged so you will have to build Samba and tell it to operate against the right paths - it shouldn't be needed, upgrades shouldn't break this, and understanding the root cause would be better Does 'samba-tool time -P' work? It is any different with 'samb...

2 hours and I am a little further: Helped myself with Andrew's script in source4/scripts/devel/chgtdcpass which updated the machine password as well as the keytab. After a restart samba keeps complaining now that the (outdated) KVNO 6 is no longer part of the secrets.keytab: [2019/11/03 16:22:12.319958, 1] ../../source4/auth/gensec/gensec_gssapi.c:793(gensec_gssapi_update_internal) GSS server Update...

...regards Johannes Am So., 3. Nov. 2019 um 17:52 Uhr schrieb Andrew Bartlett < abartlet at samba.org>: > On Sun, 2019-11-03 at 16:24 +0100, Johannes Engel via samba wrote: > > 2 hours and I am a little further: > > Helped myself with Andrew's script in source4/scripts/devel/chgtdcpass > > which updated the machine password as well as the keytab. > > After a restart samba keeps complaining now that the (outdated) KVNO 6 is > > no longer part of the secrets.keytab: > > [2019/11/03 16:22:12.319958, 1] > > > ../../source4/auth/gensec/gensec_gssapi.c...