Changing domain passwords

James Willard james at whispering.org
Thu May 30 10:48:02 GMT 2002 

Andrew,

Thank you so much for your help. The "net ads password" command works
beautifully in changing a users' AD password as an administrative user.
However, there were a few "gotcha's" that weren't mentioned in the
ADS-HOWTO.txt.

The first problem I ran into was that the RPM of OpenLDAP that came with
RedHat 6 (version 1.2.9) doesn't pass the necessary ./configure tests to set
HAVE_LDAP in include/config.h. That wasn't a big deal. I went to
ftp.openldap.org, downloaded and compiled 2.0.23, and that problem was taken
care of.

The second problem took a little bit longer to figure out. When running "net
ads password", I would receive a prompt for the new password, but as soon as
I pressed 'enter' it would dump core. I traced it down to a krb5 library
call. I was using the krb5 library that came with RedHat 6 (version 1.1.1).
When I downloaded and compiled the latest version from MIT, version 1.2.5,
things started working beautifully.

Anyway, I just wanted to say thanks to the Samba team for such an incredible
product, thanks to Andrew Bartlett for replying so quickly to my question,
and hopefully offer a little help for those who might experience a similar
problem in the future.

By the way, is SWAT broken in the HEAD branch or is it just my
configuration? Whenever I try to run it, it traps a SIGABRT and dies. The
backtrace is as follows:

#0  0x808e0d5 in lp_save_defaults ()
#1  0x808e468 in lp_load ()
#2  0x805ef4b in load_config ()

Thanks,

James Willard
james at whispering.org

----- Original Message -----
From: "Andrew Bartlett" <abartlet at pcug.org.au>
To: "James Willard" <james at whispering.org>
Cc: <samba-technical at samba.org>
Sent: Tuesday, May 28, 2002 6:37 PM
Subject: Re: Changing domain passwords


> > James Willard wrote:
> >
> > Hello all,
> >
> > I'm trying to use smbpasswd to change the password for a user who's a
> > member
> > of an Active Directory domain (running in NT domain compatibility
> > mode).
>
> > The problem is that I need to be able to change a users' password AS
> > another user with administrator rights. Users have the ability to
> > change their own password disabled so that they must use the web
> > interface. With rpcclient from samba-tng, I could connect to IPC$ as
> > administrator and then use "ntpass <user>" to change their password.
> > Is there an alternative method in the newer AD-aware versions of
> > Samba? Its rpcclient no longer has the 'ntpass' command and smbpasswd
> > doesn't support connecting as another user, from what I can tell.
>
> Look at the 'net ads password' command in HEAD.  This works against AD
> nativly - doing the password change over kerberos protocols.
>
> Sorry, the doco is a bit lacking at this stage.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                 abartlet at pcug.org.au
> Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
> Student Network Administrator, Hawker College   abartlet at hawkerc.net
> http://samba.org     http://build.samba.org     http://hawkerc.net
>

More information about the samba-technical mailing list