[Samba] Users/admin unable to reset passwords

Mark Foley mfoley at novatec-inc.com
Wed Jan 24 21:02:39 UTC 2024


It looks like I'm having a serious problem with passwords and domain credentials.

After joining the office Windows workstations as domain members to the new AD, I
used ADUC to set everyone's password to some value so I could verify their apps
got updated when logging in.  After doing that, I again used ADUC to check the
box requiring everyone to change their passsword when logging in. 

The next day when users arrived, they got the message to change their password,
but the system would not accept the new password.  I had to go back into ADUC
and un-set that checkbox.  Then users could log in with the password I had set
and change it with Ctrl-Alt-DEL. 

As an additional experiment, I used samba-tool to set one of the users to have
his password expire in two days.  Which it did today.  He got no message leading
up to this telling him his password was about to expire, as used to happen, but
it did expire today and prevented him from logging in at all, and did not prompt
him to set a new password. 

I went to ADUC and set his profile to never expire the password, then set the
password itself to some values. He still could not log in.

I then used samba-tool to set his password. He could not and still cannot log
in.

What's up here? This user is now completely unable to log into his workstation
at all, not can it be logged into remotely.  The RDC dialog says "credentials
failed".  As admin I don't seem to have the ability to let him in.  I am
concerned as to what will happen when the other users' password time limite
expires. 

The Windows workstations are the exact same ones that were connected to the
previous Samba 4.8.2 domain. All that has changed is they have been unjoined
then rejoined to the new 4.8.19 domain.

Any ideas?

--Mark



More information about the samba mailing list