16024 – Samba-AD domain controllers don't change machine account password every 30 days

Bug 16024 - Samba-AD domain controllers don't change machine account password every 30 days

Summary: Samba-AD domain controllers don't change machine account password every 30 days

Status:	NEW

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.24.0rc*
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Samba QA Contact
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2026-03-11 10:21 UTC by Denis Cardon
Modified:	2026-03-11 21:17 UTC (History)
CC List:	3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Denis Cardon 2026-03-11 10:21:37 UTC

Domain controller have machine account like every other computers/servers in the domain. Smaba domain members change machine password every 30 days by default using the winbind process if I'm correct.

However domaine controllers don't do password rotation. It has to be done manually. I guess this is due to the fact that winbind running on domain controller is not the same implementation as the one on DC.