Change Users Password From Command Line

Sassy Natan sassyn at gmail.com
Mon Mar 23 09:26:13 GMT 2009


Hi All

Thanks for the help again

In Alpha 7 the net change password did the job with no problem

Seems to me now that something was wrong in my installation


Thanks again
Sassy



On Fri, Mar 20, 2009 at 6:04 PM, Matthieu Patou <mat at matws.net> wrote:

> Well, even if it's not solving problems and needs in the long run, I can provide
> a few vbs scripts that allow creating users from the command line.
>
> Matthieu.
>
>
>
> On 03/20/2009 03:53 PM, Sassy Natan wrote:
>
>> Thank you and all the Samba Group for providing this pkg! :-)
>>
>> I just love it, and I'm always amazed by the knowledge you have!
>>
>> Thanks for the help, I really mean it!
>>
>> However, I am still fighting with the issue I have.
>> I will try to rephrase my question:
>>
>> When changing the user password using the NET utility - I get no error and
>> the password does seem to be changed. However, when trying to connect to the
>> server share (\\server\netlogon) from my Windows XP machine (NOT PART OF
>> THE DOMAIN - IT IS IN WORKGROUP MODE) I'm asked to provide a user name and
>> password. When I provide the user name and the password I have just
>> changed, the user and password window just repeats itself over and over again.
>> In the samba4 log file (running in debug mode) I see this error: Failed
>> to decrypt PA-DATA -- (enctype arcfour-hmac-md5) error Decrypt integrity
>> check failed.
>>
>> While this user and password window is still open on my XP machine - I
>> change the user password using kpasswd to the same password as in the
>> NET utility and now the user can access.
>>
>> If the passwd db is the same for the whole system (LDAP, LDB etc.) then I'm
>> not sure the NET utility is really doing something.
>> It is worth mentioning that the same debug messages appear when using the
>> net utility and the ADUC tool (which is working great).
>>
>> I also want to add that I'm quite sure that I used the same password in
>> both cases!
>>
>> Where am I going wrong? Can you point me to more tests?
>>
>> Where is the password DB located?
>>
>> 10x again
>>
>> Have a nice weekend
>>
>> Sassy
>>
>>
>>
>> On Fri, Mar 20, 2009 at 10:19 AM, Andrew Bartlett <abartlet at samba.org> wrote:
>>
>>
>>
>>> On Thu, 2009-03-19 at 21:55 +0200, Sassy Natan wrote:
>>>
>>>
>>>> Dear Group
>>>>
>>>> I have been fighting with this for the whole day and I was wondering if
>>>> someone can provide some help.
>>>>
>>>> I have managed to change the user password from the command line using the
>>>> net command like this:
>>>>
>>>> "net password set --realm=Home.Local --user=administrator%pasword username"
>>>>
>>>> This however doesn't seem to affect the user password since when running
>>>> samba (alpha5) in debug mode I'm getting this error:
>>>>
>>>> Kerberos: Failed to decrypt PA-DATA -- (enctype arcfour-hmac-md5) error
>>>> Decrypt integrity check failed
>>>>
>>>>
>>> I'm not quite sure what's going on here - it looks simply like you
>>> changed the password to something different to what you are then trying
>>> to authenticate as.
>>>
>>>
>>>
>>>> So I moved to the Kerberos admin utility (heimdal-clients package in
>>>> Debian) and changed the user password using the /usr/bin/kpasswd command.
>>>>
>>>> Then I got an error that the Kerberos KEY was expired - see also
>>>> http://www.nabble.com/samba4-Kerberos-server-and-linux-computers-td21412540.html
>>>>
>>>> So I changed pwdLastSet to the current date and then WALLA, the password was
>>>> changed and I managed to log in with the username to my share
>>>> (\\DC\Netlogon).
>>>>
>>>>
>>> You must be running an old install, and like Matthieu have been very
>>> helpful in finding bugs that only show up after a period of time.
>>>
>>> This failure is one of the issues I hope to work on soon (I've been
>>> distracted on other tasks for the moment).
>>>
>>>
>>>
>>>> the command was:
>>>> kpasswd --admin-principal=Administrator@HOME.LOCAL username@HOME.LOCAL
>>>>
>>>>
>>>> I have 2 questions in mind:
>>>>
>>>> 1. What is the purpose of --kerberos in the net command utility?
>>>> Does it also change the password in the Kerberos DB? If so, what is the
>>>> correct syntax? No matter what I enter I'm getting an error.
>>>>
>>>>
>>> The --kerberos option selects if the authentication method (to prove to
>>> the server that you are an administrator, and therefore permitted to
>>> reset the password) is to use Kerberos or not.  There is only one
>>> password database in Samba, and all calls to set the password change the
>>> same database.
>>>
>>>
>>>
>>>> 2. Why is the kadmin utility not working? Is there any way to change the user
>>>> password in samba4, ldap and kerberos together, the same as in ADUC (Active
>>>> Directory Users and Computers)?
>>>>
>>>>
>>> We do not implement the Heimdal kadmin protocol, only the interfaces
>>> provided by AD.   Changing the password with any tool changes the
>>> password for all protocols (we only store it once, in LDB).
>>>
>>> I hope this helps, and thank you for trying Samba4!
>>>
>>> Andrew Bartlett
>>>
>>> --
>>> Andrew Bartlett
>>> http://samba.org/~abartlet/
>>> Authentication Developer, Samba Team           http://samba.org
>>> Samba Developer, Red Hat Inc.
>>>
>>>
>>>
>>
>
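
Added example (not part of the thread, and not Samba or Heimdal code): why the KDC logs "Decrypt integrity check failed" for enctype arcfour-hmac-md5 when the password the client types differs from the one stored. It follows RFC 4757 (key = MD4 of the UTF-16LE password, key usage 1 for the pre-authentication timestamp); all function names are hypothetical, and the passwords and the stand-in timestamp bytes are constructed (a real PA-ENC-TIMESTAMP carries a DER-encoded structure).

```python
import hmac, os, struct

M = 0xFFFFFFFF
rol = lambda x, n: ((x << n) | (x >> (32 - n))) & M
ROUNDS = [(lambda x, y, z: (x & y) | (~x & z), range(16), (3, 7, 11, 19), 0),
          (lambda x, y, z: (x & y) | (x & z) | (y & z),
           (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13), 0x5A827999),
          (lambda x, y, z: x ^ y ^ z,
           (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15), 0x6ED9EBA1)]

def md4(msg):  # pure-Python MD4 (RFC 1320); hashlib often no longer ships it
    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    msg += b"\x80" + b"\0" * ((55 - len(msg)) % 64) + struct.pack("<Q", len(msg) * 8)
    for off in range(0, len(msg), 64):
        X, (a, b, c, d) = struct.unpack("<16I", msg[off:off + 64]), h
        for f, order, shifts, k in ROUNDS:
            for i, w in enumerate(order):
                a, b, c, d = d, rol((a + f(b, c, d) + X[w] + k) & M, shifts[i % 4]), b, c
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)

def rc4(key, data):
    S, j, out = list(range(256)), 0, bytearray()
    for i in range(256):  # key schedule
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    for byte in data:  # keystream XOR; the right-hand side uses the old i
        i, j = (i + 1) & 0xFF, (j + S[(i + 1) & 0xFF]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def hmac_md5(key, data): return hmac.new(key, data, "md5").digest()
def rc4_hmac_key(password): return md4(password.encode("utf-16-le"))  # long-term key

def seal(key, data, usage=1):  # client side; usage 1 = PA-ENC-TIMESTAMP
    k1, plain = hmac_md5(key, struct.pack("<I", usage)), os.urandom(8) + data
    cksum = hmac_md5(k1, plain)  # checksum over confounder + data
    return cksum + rc4(hmac_md5(k1, cksum), plain)

def unseal(key, blob, usage=1):  # KDC side; None = "Decrypt integrity check failed"
    k1, cksum = hmac_md5(key, struct.pack("<I", usage)), blob[:16]
    plain = rc4(hmac_md5(k1, cksum), blob[16:])
    return plain[8:] if hmac.compare_digest(hmac_md5(k1, plain), cksum) else None

def preauth_ok(stored_pw, typed_pw, ts=b"20090320155300Z"):  # constructed timestamp
    return unseal(rc4_hmac_key(stored_pw), seal(rc4_hmac_key(typed_pw), ts)) == ts
```

`preauth_ok("Secret1!", "Secret2!")` is false because the two sides derive different keys, so the checksum the KDC recomputes over the decrypted bytes cannot match; the log line carries no more detail than that.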

