Timeout for computer trust relationship


#1

Hi,

Under Windows, I can go to HKLM\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters or Computer Policies/Windows Settings/Local Policies/Security Options to chnge the trust timeout from 30 days to whatever I want. Is there a way to do that with UCS/Samba? I did a search through the UCS registry, but nothing came up.

Thanks,
Gerald


#2

Hey,

I’m not certain whether or not this is the correct parameter but the following UCR variable does sound like what you’re looking for:

samba/machine_password_timeout: <empty> Interval in seconds for the automatic machine password rotation performed by Samba. If set to 0, the rotation is disabled.

It gets translated into Samba’s “machine password timeout” which the man page describes as follows:

[code]machine password timeout (G)

If a Samba server is a member of a Windows NT Domain (see the
security = domain parameter) then periodically a running smbd
process will try and change the MACHINE ACCOUNT PASSWORD stored in
the TDB called private/secrets.tdb. This parameter specifies how
often this password will be changed, in seconds. The default is
one week (expressed in seconds), the same as a Windows NT Domain
member server.

See also smbpasswd(8), and the security = domain parameter.

Default: machine password timeout = 604800[/code]

Kind regards,
mosu


#3

Thank-you. I have set it and will monitor.


#4

Oky, setting that to zero (0) didn’t work. I have now set server/password/interval to 365 (it was 21).

server/password/interval: The password of the machine account is renewed regularly. This variable configures the rotation interval in days.