Zentyal Forum, Linux Small Business Server
Zentyal Server => Directory and Authentication => Topic started by: ktrojok on September 28, 2018, 12:39:09 pm
-
Hello,
the service password for DNS / SAMBA expired. Therefore I cannot change or restart my DNS. Here is the log section:
2018/09/28 12:31:52 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2018/09/28 12:31:55 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
2018/09/28 12:31:55 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
Error output: kinit: Password incorrect
Command output: .
Exit value: 1
2018/09/28 12:31:55 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
2018/09/28 12:31:55 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-basel failed.
Error output: kinit: Password incorrect
I found articles on setting the samba password using the samba-tool. But which account needs to be updated?
Environment: Zentyal Corp 5.0.2
kind regards
Konrad
-
Hi!
Try this: https://forum.zentyal.org/index.php/topic,26766.msg98404.html#msg98404
It works for me in the past.
==========================================
Quote from: GG_jr on September 27, 2016, 08:15:14 pm
Hi,
I had the same issue.
I had installed Zentyal more than one year ago and the password for the samba admin has expired.
I read somewhere how to change the expiration period to "never expire" with samba admin tools, if I remember well, and it worked.
I think is written also here, on this forum.
But Google search will help you.
Gabriel
PS
https://forum.zentyal.org/index.php/topic,26766.msg98404.html#msg98404
======================================================
-
Hi GG_jr,
thanks for this hint .. I now have turned of password aging, so I hope I can avoid the problem in the future.
Now I still have the problem "password incorrect". Which account needs to be updated?
kind regards
Konrad
-
Hi Konrad,
You must change password for samba admin account.
Change samba admin password and then set password expiry to never.
I did this only once and I don't remember exactly how but I followed the steps from that article.
Kind regards,
Gabriel
-
Hi,
this is a list of all users in Zentyal SAMBA user db (I purged the personal accounts):
admkonrad@basel:~$ sudo samba-tool user list
ldb_wrap open of secrets.ldb
zentyal-mailfilter-basel
zentyal-mail-basel
Administrator
Postmaster
dns-basel
krbtgt
Guest
The "Administrator" which is the Dom-Admin has got a new password, also the "dns-basel". Still I get the error message from Kerberos "kinit ..." password incorrect. I guess I messed it up by changing the password for "dns-basel" first hand.
kind regards
Konrad
-
In Zentyal 6.0, this command solved this problem:
samba-tool user setexpiry dns-<SERVER_NAME> --noexpiry