winbindd negotiates NETLOGON_NEG_PASSWORD_CHANGE_REFUSAL and still tries to change the machine password. This results in a successful local change, but the remote change fails with NT_STATUS_WRONG_PASSWORD as documented here: https://msdn.microsoft.com/en-us/library/cc237243.aspx
Created attachment 13289 [details] A minimal fix for the problem The more generic fixes are currently developed under: https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-secrets-tmp and https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=refs/heads/master4-secrets-ok
Created attachment 13329 [details] Patches for v4-6-test
Created attachment 13330 [details] Patches for v4-5-test
Karolin, please add the patches to the relevant branches. Thanks!
Pushed to autobuild-v4-{5,6}-test
(In reply to Stefan Metzmacher from comment #5) Pushed to v4-{5,6}-test
Shouldn't we take the minimal patch for 4.6 and 4.5 here? Please lets discuss on Monday! Planned release date for 4.6.7 is Wednesday...
(In reply to Karolin Seeger from comment #7) Ok, after some discussion, let's go ahead with the complete patchset.