similar to: Daily changetrustpw breaks authentication

Hi, We are having problems setting up a squid cache server to use NTLMv2 authentication to authenticate users against AD. We have narrowed the problems down to being a problem between samba and squid when using NTLMv2. It constantly moans about the password being wrong when using squid, but doing a direct samba auth works fine. We have (believedly) narrowed it down to this: the domain requires

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hey, I'm running a Samba4 DC domain and I'd like to change the machine trust password of the current DC. This doesn't seem possible using net ads changetrustpw or net rpc changetrustpw on the DC itself, and I can't seem to find any command in samba-tool to achieve this. Is there any way to change the trust password of the DC? - --

Hi, I am running squid and samba to auth users against a 2003 domain. My squid setup is something like this: auth_param ntlm program /usr/local/libexec/squid/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes auth_param ntlm children 2 auth_param basic program /usr/local/libexec/squid/ntlm_auth

Hi! I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I got the following from the cache.log: [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_request(1114) Got 'YR' from squid (length: 2). [2003/12/18 15:36:48, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(362) got NTLMSSP packet: [2003/12/18 15:36:48, 10]

Mandi! Kees van Vloten via samba In chel di` si favelave... > There is "net changetrustpw" to do this. I've correctly just joined the firewall to the domain, i can check join status: root at vfwacpn1:~# net ads testjoin Join is OK but if i try to renew credentials i catch: root at vfwacpn1:~# net ads changetrustpw -I 10.172.1.8 Changing password for principal:

I'm trying the new RHEL 3 beta, which comes with samba 3 beta 3, and squid 2.5.STABLE3. Both samba and squid seem appropriately compiled... and I'm using the same config files as samba 2.2.8a and squid 2.5.stable3 (which worked), but windows authentication with the helpers is failing. I asked the squid list first, and got "Samba 3 supports Basic and NTLM authentication for Squid and

On Sun, 3 Mar 2024 16:12:04 +0100 Marco Gaiarin via samba <samba at lists.samba.org> wrote: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > > > There is "net changetrustpw" to do this. > > I've correctly just joined the firewall to the domain, i can check > join status: > > root at vfwacpn1:~# net ads testjoin > Join is

Hello, I'm having a little problem after logging into domain via samba, after a few minutes the squid no longer authenticates the users through single sign on and keeps asking for authentication in the browser without stopping. below is my settings and error logs. smb.conf [global]workgroup = SALEnetbios name = utmadmserver string = PROXY SERVERload printers = nolog file =

Hello, net ads changetrustpw this command works fine on domain members, but on domain controller there is hard fail with: ads_change_trust_account_password: Machine account password change only supported on a DOMAIN_MEMBER W dniu 23.04.2025 o?15:32, Rowland Penny via samba pisze: > net ads changetrustpw -- Ta wiadomo?? e-mail zosta?a sprawdzona pod k?tem wirus?w przez oprogramowanie

Hi Kacper, maybe you've overlooked my answer from April 23th. Kees has written a script especially for this: See "dc_password_change" on https://github.com/kvvloten/samba_integrations/tree/main/domain_controller/manage_scripts This script works in my AD without problems for some time... Regards Ingo https://github.com/WAdama Kacper Wirski via samba schrieb am 02.05.2025 um

Mandi! Kees van Vloten via samba In chel di` si favelave... > Solution is easy: upgrading winbind from Debian backports solves the issue ! I've upgraded to latest buster version 4.18.10+dfsg-1~buster, but still does not work for me... Now display: root at vfwacpn1:~# net ads changetrustpw get_kdc_ip_string: get_kdc_list fail NT_STATUS_NO_LOGON_SERVERS Changing password for

On Wed, 23 Apr 2025 14:35:16 +0200 Kacper Wirski via samba <samba at lists.samba.org> wrote: > What is the best approach to change samba ad dc's own password? > Windows machines change periodically, linux domain members can simply > re-join domain, but when it comes to DC's I can't find any > recommended steps? Is re-joining domain as domain controller viable >

On 25-02-2024 11:56, Marco Gaiarin via samba wrote: > I need to access the LDAP AD server from a debian box, but i don't need > shares nor winbind. > > For a sake of simplicity i'm thinking to use machine account (-P). There is "net changetrustpw" to do this. When you domain-join the machine the machine password is managed by winbind, so you don't need to this.

Greetings list, I have a member server in a w2k3 AD domain that has been happily spinning for a couple of years. As of yesterday morning, we've been having some issues with it. I've had it configured correctly, and haven't touched it. I'll provide the configs if needed. I've kept it updated as time's gone on for security updates etc.. the wonkyness seems to rear is

I submited this to the Squid list, but I got no response which I assume means that no one has any suggestions. Can anyone give me a clue as to what I have configured incorrectly. Thanks. -------- Original Message -------- Subject: [squid-users] NTLM Authentication Problem Date: Tue, 28 Oct 2003 11:34:29 -0500 From: Jim Richey <jrichey@highmark.com> To: squid-users@squid-cache.org

Op 24-03-2024 om 17:42 schreef Marco Gaiarin via samba: > Mandi! Kees van Vloten via samba > In chel di` si favelave... > >> Solution is easy: upgrading winbind from Debian backports solves the issue ! > I've upgraded to latest buster version 4.18.10+dfsg-1~buster, but still does > not work for me... > > Now display: > > root at vfwacpn1:~# net ads

On 04-03-2024 21:54, Rowland Penny via samba wrote: > On Mon, 4 Mar 2024 14:14:18 +0100 > Marco Gaiarin via samba <samba at lists.samba.org> wrote: > >> Mandi! Kees van Vloten via samba >> In chel di` si favelave... >> >>> Interesting, I tried running it with -d 10, it shows a lot of >>> output. >> The same. My output is a bit more

Hi all, I've a little problem using ntlm_auth with squid. Scenario: Redhat 9, Samba 3 compiled, squid-2.5 compiled. smb.conf: [global] encrypt passwords = Yes winbind separator = \ winbind cache time = 10 template homedir = /home/%D/%U template shell = /bin/bash idmap uid = 10000-20000 idmap gid = 10000-20000 winbind uid = 10000-20000 winbind gid = 10000-20000 winbind enum users = yes

Hello all, I am discussing more than two weeks with SQuid developpers for an issue I encounter with ntlm_auth process. You can get a complete overview of the discussion at the url specified below but you can also get a summary later in this mail. http://www.mail-archive.com/squid-users@squid-cache.org/msg60371.html I get a complete platform based on OpenLDAP 2.3.43, MIT-KerberosV 1.6, Samba

Mandi! Kees van Vloten via samba In chel di` si favelave... >> For a sake of simplicity i'm thinking to use machine account (-P). > There is "net changetrustpw" to do this. Ok, i've missed that. Thanks. > If you just have a service that does LDAP-queries, I would create an > ordinary user-account for it (and start it's name e.g. with "svc_").