Change Users Password From Command Line

Sassy Natan sassyn at gmail.com
Thu Mar 19 19:55:13 GMT 2009


Dear Group

I have being fighting with this for the whole day and I was wondering If
someone can provide some help.

I have manage to change user password from the command line using the net
command like this:

"net password set --realm=Home.Local --user=administrator%pasword username"

This however doesn't seem to effect the user password since when running
samba (alpha5) in debug mode I'm getting this error:

Kerberos: Failed to decrypt PA-DATA -- (enctype arcfour-hmac-md5) error
Decrypt integrity check failed

So I moved to the kerberos admin utlilty (heimdal-clients package in debian)
and changed the user password using the /usr/bin/kpasswd command

Then I got an error that the Kerberos KEY was expired - see also
http://www.nabble.com/samba4-Kerberos-server-and-linux-computers-td21412540.html

So I changed pwdLastSet  to current date an then WALLA password was changed
and I manage to loging with the username to my share
(\\DC\Netlogon<file://DC/Netlogon>
).

the command was:
kpasswd --admin-principal=Administrator at HOME.LOCAL username at HOME.LOCAL


I have 2 questions in mind:

1. What is the purpose of the --kerberos in the net command utility. Does it
change also the password in the kerberos DB? if so what is the correct
syntax. No matter what I enter i'm getting an error.

2. Why the kadmin utlity is not working? is there any way to chnage user
password both in samba4,ldap,kerberos same as in the ADUC -Active Directory
Users and Computers?


Thanks

Sassy


More information about the samba-technical mailing list