On Mon, 1 Oct 2012 10:43:59 +0400 Dmitry Khromov <[email protected]> wrote:
> Samba 4.1.0pre1-GIT-aad669b, joined as a DC to an existing domain. At least 6 > accounts behave like this: > Kerberos: AS-REQ [email protected] from ipv4:192.168.1.31:33822 > for krbtgt/[email protected] ... > Kerberos: UNKNOWN -- [email protected]: no such entry found in hdb This disappears once you reset the password on Windows DC, however not on Samba DC: $ bin/samba-tool user setpassword dummyuser --newpassword=password --URL=ldap://sambadc -U someadminuser%someadminpassword # We hadn't reset password on Windows DC yet GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'sasl-DIGEST-MD5' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered ERROR: Failed to set password for user 'dummyuser': (1, 'LDAP error 1 LDAP_OPERATION S_ERROR - <00002020: setup_supplemental_field: failed to pull old supplementalCr edentialsBlob: NT_STATUS_BUFFER_TOO_SMALL> <>') File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/user.py", lin e 547, in run username=username) File "/usr/local/samba/lib64/python2.7/site-packages/samba/samdb.py", line 459, in setpassword self.modify_ldif(setpw) File "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", line 2 35, in modify_ldif self.modify(msg, controls) Resetting password on Windows DC enables samba-tool to reset password for this account on Samba DC, too. Somewhat broken DB on Windows? Any suggestions on how to fix such accounts in order to be able to reset passwords when Windows DC will be demoted? -- Regards, Dmitry Khromov -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
