Bug 2617 - machine password not changed when running security=ADS
Summary: machine password not changed when running security=ADS
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: winbind (show other bugs)
Version: 3.0.13
Hardware: All All
: P3 normal
Target Milestone: none
Assignee: Samba Bugzilla Account
QA Contact: Samba QA Contact
Depends on:
Reported: 2005-04-15 02:36 UTC by Henning Kristensen
Modified: 2006-03-01 10:26 UTC (History)
1 user (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Henning Kristensen 2005-04-15 02:36:39 UTC
Our organisation purges servers that aren't active (that is, does not change 
their machine password in 120 days). The password-change works fine when 
running security=domain, but seems not work with security=ADS.

I tried to dig into the code and found a snippet in the latest Samba
source (3.0.13):

smbd/process.c: (line 1402-1405)

 if(global_machine_password_nee­ds_changing &&
   /* for ADS we need to do a regular ADS password change, not a
      password change */
     lp_security() == SEC_DOMAIN) {

The comment on this snippet (and the code following it) seems to
indicate that nothing is done when running ADS.

In a reply on samba-technical dated Apr 14, 2005 4:40 PM, Volker wrote:

It's a known problem, yes. It will be addressed during my ongoing work in
winbind in Samba trunk, but to make sure that it's not forgotten, better add a
bugzilla entry.

Kind regards / Henning Kristensen
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-09-07 07:27:26 UTC