Author Topic: DNS / SAMBA mudule error service password expired / incorrect  (Read 6152 times)

ktrojok

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
DNS / SAMBA mudule error service password expired / incorrect
« on: September 28, 2018, 12:39:09 pm »
Hello,

the service password for DNS / SAMBA expired. Therefore I cannot change or restart my DNS. Here is the log section:

2018/09/28 12:31:52 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2018/09/28 12:31:55 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
2018/09/28 12:31:55 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
Error output: kinit: Password incorrect

Command output: .
Exit value: 1
2018/09/28 12:31:55 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
2018/09/28 12:31:55 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
Error output: kinit: Password incorrect


I found articles on setting the samba password using the samba-tool. But which account needs to be updated?

Environment: Zentyal Corp 5.0.2

kind regards
Konrad

gabriel.gheorghiu@abt.ro

  • Guest
Re: DNS / SAMBA mudule error service password expired / incorrect
« Reply #1 on: September 28, 2018, 05:33:53 pm »
Hi!

Try this: https://forum.zentyal.org/index.php/topic,26766.msg98404.html#msg98404

It works for me in the past.

==========================================

Quote from: GG_jr on September 27, 2016, 08:15:14 pm

    Hi,

    I had the same issue.

    I had installed Zentyal more than one year ago and the password for the samba admin has expired.

    I read somewhere how to change the expiration period to "never expire" with samba admin tools, if I remember well, and it worked.
    I think is written also here, on this forum.

    But Google search will help you.

    Gabriel

    PS

     https://forum.zentyal.org/index.php/topic,26766.msg98404.html#msg98404
======================================================

ktrojok

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: DNS / SAMBA mudule error service password expired / incorrect
« Reply #2 on: September 30, 2018, 09:19:53 pm »
Hi GG_jr,

thanks for this hint .. I now have turned of password aging, so I hope I can avoid the problem in the future.

Now I still have the problem "password incorrect". Which account needs to be updated?

kind regards
Konrad


gabriel.gheorghiu@abt.ro

  • Guest
Re: DNS / SAMBA mudule error service password expired / incorrect
« Reply #3 on: October 01, 2018, 07:52:04 am »
Hi Konrad,

You must change password for samba admin account.
Change samba admin password and then set password expiry to never.
I did this only once and I don't remember exactly how but I followed the steps from that article.

Kind regards,
Gabriel

ktrojok

  • Zen Apprentice
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: DNS / SAMBA mudule error service password expired / incorrect
« Reply #4 on: October 01, 2018, 11:04:39 am »
Hi,

this is a list of all users in Zentyal SAMBA user db (I purged the personal accounts):

admkonrad@basel:~$ sudo samba-tool user list
ldb_wrap open of secrets.ldb
zentyal-mailfilter-basel
zentyal-mail-basel
Administrator
Postmaster
dns-basel
krbtgt
Guest

The "Administrator" which is the Dom-Admin has got a new password, also the "dns-basel". Still I get the error message from Kerberos "kinit ..." password incorrect. I guess I messed it up by changing the password for "dns-basel" first hand.

kind regards
Konrad

mastroca

  • Zen Apprentice
  • *
  • Posts: 3
  • Karma: +1/-0
    • View Profile
Re: DNS / SAMBA mudule error service password expired / incorrect
« Reply #5 on: August 26, 2019, 01:13:50 pm »
In Zentyal 6.0, this command solved this problem:

samba-tool user setexpiry dns-<SERVER_NAME> --noexpiry