search for: workstation_trust_account

...We have a network of Solaris 10 machines authenticating and doing name lookups via a Windows 2008 (SP2) domain using the Solaris ldap client and self/gssapi credentials. Each machine has a machine account that is prepared via a script with the following attributes: userAccountControl: 4263936 (WORKSTATION_TRUST_ACCOUNT | DONT_EXPIRE_PASSWORD | DONT_REQ_PREAUTH) msDS-SupportedEncryptionTypes: 23 (KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 | KERB_ENCTYPE_RC4_HMAC_MD5 | KERB_ENCTYPE_DES_CBC_MD5 | KERB_ENCTYPE_DES_CBC_CRC) We would like to install a new Samba file server and have it play nicely with this setup, using...

On 04/09/2015 01:21 PM, Rowland Penny wrote: > On 09/04/15 18:03, John E.P. Hynes wrote: >> >> On 04/09/2015 11:31 AM, Rowland Penny wrote: >>> On 09/04/15 16:19, John E.P. Hynes wrote: >>>> Thanks Rowland, I'll check that out. >>>> >>>> The funny thing is though, this workstation is in a "test" environment >>>>

...How do I edit these with samba-tool? > 2) How the heck did they end up "wrong" like this right out of the box? > > Any ideas appreciated. > > -John OK, my computer accounts all have this: userAccountControl: 69632 Which is made up from: 65536 DONT_EXPIRE_PASSWORD 04096 WORKSTATION_TRUST_ACCOUNT So you could try using ldbmodify on the samba DC to change this. Create an ldif file, /tmp/computer dn: CN=computername,CN=Computers,CN=Users,DC=example,DC=com changetype: modify replace: UserAccountControl UserAccountControl: 69632 Don't forget to alter the top line to your settings. Now...