[at1]

Tnere is also this

https://www.afp548.com/forum/viewtopic.php?showtopic=16099

[at1]

HI

Looks like the script and command also got mangled a little by the http in this forum
apologies again for not spotting this earlier

#!/usr/bin/expect -f
#Hack to change samba machine password non-interactively
set machinepw [lindex $argv 0]
spawn net -f changesecretpw
expect “password:”
send “$machinepw\r”
expect eof

so save that somewhere and make it executable.

You can then run the following as root:

changesecret $(defaults read /Library/Preferences/DirectoryService/ActiveDirectory “AD Computer Password”| /usr/bin/tr -d “< >” | /usr/bin/xxd -r -p)

i copied this script verbatim, when run with the command above it changes the password without any further input required

try it again, it 100% worked for me

[at1]

Sorry slight amendment due to html bugs

A broken secrets.tdb entry looks like this:

key = “SECRETS/MACHINE_PASSWORD/TOUCANTEST”
data = “h)j8q6hWaCuVeQ”

A fixed secrets.tdb entry should look like this:

key = “SECRETS/MACHINE_PASSWORD/TOUCANTEST”
data = “h)j8q6hWaCuVeQ0/00”

note the /00 NULL at the end of the data.

Sorry it did not work for you, i had the luxury of being able to scrub my server and build it up again which i’m sure helped

what happens when you run the script? did you see any errors in the logs or terminal window?

do you see the null value in secrets.tbd after you run the script?

[at1]

Dear All

Looks like this is a bug with the 10.4.8 Intel build of Mac os x server

This bug causes the samba machine password stored in secrets.tdb to be stored in a malformed state

This problem was identified and the solution graciously provided by Matt Jeens of Toucan Computing in the UK

If you run
tdbdump /var/db/samba/secrets.tdb

you can see your existing machine password

An example of broken entry created when you bind the server using Directory Access looks like this;

key = “SECRETS/MACHINE_PASSWORD/TOUCANTEST”
data = “h)j8q6hWaCuVeQ”

to fix this malformed password, you need an expect script to make ‘net changesecretpw’ non-Interactive:

#!/usr/bin/expect -f
#Hack to change samba machine password non-interactively
set machinepw [lindex $argv 0]
spawn net -f changesecretpw
expect “password:”
send “$machinepw\r”
expect eof

save this as ‘changesecret’ somewhere and make it executable.

stop samba from server admin, then run the following command as root

changesecret $(defaults read /Library/Preferences/DirectoryService/ActiveDirectory “AD Computer Password”| /usr/bin/tr -d “< >” | /usr/bin/xxd -r -p)

Which should set the password appropriately.

run tdbdump again to view the new password:

tdbdump /var/db/samba/secrets.tdb

A fixed entry looks like this:

key = “SECRETS/MACHINE_PASSWORD/TOUCANTEST”
data = “h)j8q6hWaCuVeQ\00”

note the \00 NULL at the end of the data.

I recommend restart your server before testing this has worked

NB, i found that i had to use the FQDN of the Xserve when accessing shares from PC clients (although this may be unrelated issue) using just the hostname failed for me

hope this helps anyone experiencing this annoying issue

[at1]

Hi

Are you sure you are logged into the WGM as the directory admin?

Hope this helps

Alasdair

[Author]

Posts