2617 – machine password not changed when running security=ADS

Bug 2617 - machine password not changed when running security=ADS

Summary: machine password not changed when running security=ADS

Status:	RESOLVED LATER

Alias:	None

Product:	Samba 3.0
Classification:	Unclassified
Component:	winbind (show other bugs)
Version:	3.0.13
Hardware:	All All

Importance:	P3 normal
Target Milestone:	none
Assignee:	Samba Bugzilla Account
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-04-15 02:36 UTC by Henning Kristensen
Modified:	2006-03-01 10:26 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Henning Kristensen 2005-04-15 02:36:39 UTC

Our organisation purges servers that aren't active (that is, does not change 
their machine password in 120 days). The password-change works fine when 
running security=domain, but seems not work with security=ADS.

I tried to dig into the code and found a snippet in the latest Samba
source (3.0.13):

smbd/process.c: (line 1402-1405)

 if(global_machine_password_needs_changing &&
   /* for ADS we need to do a regular ADS password change, not a
domain
      password change */
     lp_security() == SEC_DOMAIN) {

The comment on this snippet (and the code following it) seems to
indicate that nothing is done when running ADS.

In a reply on samba-technical dated Apr 14, 2005 4:40 PM, Volker wrote:

It's a known problem, yes. It will be addressed during my ongoing work in
winbind in Samba trunk, but to make sure that it's not forgotten, better add a
bugzilla entry.

Kind regards / Henning Kristensen

Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-09-07 07:27:26 UTC

later