search for: svc_

...the machine password is managed by winbind, so you don't need to this. When you do not join the machine, there is no reason to have a machine account. If you just have a service that does LDAP-queries, I would create an ordinary user-account for it (and start it's name e.g. with "svc_"). With this you decide easily how to manage the password. Or if you use kerberos for this account, you can set the password with samba-tool to a random very long value and use a SPN and keytab for authentication, no hassle with passwords at all... - Kees. > > > I can join the b...

...simplicity i'm thinking to use machine account (-P). > There is "net changetrustpw" to do this. Ok, i've missed that. Thanks. > If you just have a service that does LDAP-queries, I would create an > ordinary user-account for it (and start it's name e.g. with "svc_"). This is my first options, i was only speculating... > With this you decide easily how to manage the password. Or if you use > kerberos for this account, you can set the password with samba-tool to a > random very long value and use a SPN and keytab for authentication, no &gt...

I need to access the LDAP AD server from a debian box, but i don't need shares nor winbind. For a sake of simplicity i'm thinking to use machine account (-P). I can join the box, but if i keep winbind and nmbd/smbd off, how can i renew machine account? Thanks. -- M.C.S.E: Minesweeper Consultant & Solitaire Expert

...king to use machine account (-P). >> There is "net changetrustpw" to do this. > Ok, i've missed that. Thanks. > > >> If you just have a service that does LDAP-queries, I would create an >> ordinary user-account for it (and start it's name e.g. with "svc_"). > This is my first options, i was only speculating... > > >> With this you decide easily how to manage the password. Or if you use >> kerberos for this account, you can set the password with samba-tool to a >> random very long value and use a SPN and keytab for au...