On Fri, 2003-03-28 at 23:44, Eric Boehm wrote:
On Fri, Mar 28, 2003 at 10:00:47PM +1100, Andrew Bartlett wrote:
Andrew == Andrew Bartlett [EMAIL PROTECTED] writes:
Andrew On Fri, 2003-03-28 at 19:44, Hansjoerg Maurer wrote:
Andrew If you run 'smbpasswd -t' it should do it on demand.
That doesn't seem to work
I didn't say it would work, just that it would be easier to debug :-)
smbpasswd -t AMERICASE
2003/03/28 07:40:32 : change_trust_account_password: Failed to change password for
domain AMERICASE.
I do have a debug level 10 log of the attempt but there really isn't
much more information in it. I really do think this might be a bug. If
anyone has been able to get this to work, I would appreciate hearing
about it. If there are other steps I can take to help debug/fix this,
I am willing to take those steps.
Doesn't this present a potential security issue if the machine
password never changes?
Small - basically if the 'bad guy' can figure out the password by
cryptographic or network brute force before you change it, yes. If he
is listening on the connection always anyway, then they will observe the
password change.
In short - keep it secret, and it's not too bad.
[2003/03/27 15:33:15, 5, pid=25400] lib/util.c:(291)
smb_bcc=0
[2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(518)
write_socket(10,39)
[2003/03/27 15:33:15, 6, pid=25400] lib/util_sock.c:(521)
write_socket(10,39) wrote 39
[2003/03/27 15:34:15, 3, pid=25400] smbd/sec_ctx.c:(329)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2003/03/27 15:34:15, 5, pid=25400] smbd/uid.c:(217)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1137)
timeout_processing: checking to see if machine account password need changing.
[2003/03/27 15:34:15, 10, pid=25400] smbd/process.c:(1167)
timeout_processing: machine account password last change time = (1046645657) Sun,
02 Mar 2003 17:54:17 EST.
[2003/03/27 15:34:15, 0, pid=25400] rpc_client/cli_trust.c:(46)
domain_client_validate: unable to fetch domain sid.
This certainly looks like an issue.
Have you tried rejoining the domain?
Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED]
Student Network Administrator, Hawker College [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba