Support updating Samba's secrets.tdb when updating machine password
Submitted by John Beranek
Assigned to Stef Walter
Link to original bug (#100118)
Description
If you run Samba on a domain-joined server running sssd and adcli, sssd will call adcli to update the server's machine account password.
However, when it does this, the copy of this password in Samba's secrets.tdb becomes invalid, which stops people authenticating with the Samba server with Username/Password.
You can somewhat work around the issue by configuring Samba with:
kerberos method = system keytab
but you can then only authenticate to Samba with Kerberos, and not username/password.
Now, "everyone" really should be using Kerberos to access SMB servers, but I'm sure many are not...