Support updating Samba's secrets.tdb when updating machine password

Submitted by John Beranek

Assigned to Stef Walter

Link to original bug (#100118)

Description

If you run Samba on a domain-joined server running sssd and adcli, sssd will call adcli to update the server's machine account password.

However, when it does this, the copy of this password in Samba's secrets.tdb becomes invalid, which stops people authenticating with the Samba server with Username/Password.

You can somewhat work around the issue by configuring Samba with:

kerberos method = system keytab

but you can then only authenticate to Samba with Kerberos, and not username/password.

Now, "everyone" really should be using Kerberos to access SMB servers, but I'm sure many are not...