[Samba] Samba4 and Windows 7 password change
Daniel Müller
mueller at tropenklinik.de
Thu Sep 9 13:06:41 MDT 2010
On Thu, 09 Sep 2010 19:22:37 +1000, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Wed, 2010-09-08 at 22:07 -0500, Philip M. White wrote:
>> Hi, all,
>>
>> With the latest Samba4, I am not able to change a user's password via
>> Windows 7.
>>
>> I was able to successfully set a password from within RSAT's Users
while
>> adding a new user, but that user cannot change his own password.
>>
>> When I try, Windows 7 tells me that the server rejected the password
Hi in Samba4 you need:
Password Policy Settings!!
Along with Samba4 the Password Policy you can only set from console, with
'net pwsettings ' command.
net pwsettings –help:
usage: (show | set <options>)
options:
-h, --help show this help message and exit
-H H LDB URL for database or target server
--quiet Be quiet
--complexity=COMPLEXITY
The password complexity (on | off | default).
Default
is 'on'
--history-length=HISTORY_LENGTH
The password history length (<integer> | default).
Default is 24.
--min-pwd-length=MIN_PWD_LENGTH
The minimum password length (<integer> | default).
Default is 7.
--min-pwd-age=MIN_PWD_AGE
The minimum password age (<integer in days> |
default). Default is 1.
--max-pwd-age=MAX_PWD_AGE
The maximum password age (<integer in days> |
default). Default is 43.
Samba Common Options:
-s FILE, --configfile=FILE
Configuration file
-d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
debug level
--option=OPTION set smb.conf option from command line
--realm=REALM set the realm name
Credentials Options:
--simple-bind-dn=DN
DN to use for a simple bind
--password=PASSWORD
Password
-U USERNAME, --username=USERNAME
Username
-W WORKGROUP, --workgroup=WORKGROUP
Workgroup
-N, --no-pass Don't ask for a password
-k KERBEROS, --kerberos=KERBEROS
Use Kerberos
Version Options:
--version Display version number
So I set my Password Policy:
net pwsettings set –--complexity=off
net pwsettings set ---max-pwd-age=60 #<---60 Days
net pwsettings set –min-pwd-length=5
net pwsettings show:
net pwsettings show
Password informations for domain 'DC=mydomain,DC=my,DC=dom'
Password complexity: off
Password history length: 24
Minimum password length: 5
Minimum password age (days): 1
Maximum password age (days): 60
Then change your passwords in your windows7 client.
Daniel
>> change because the new password doesn't meet the complexity/length
>> requirements.
>>
>> On Samba's end, I see this:
>> Changing password of PMWWORLD\sue
>> (S-1-5-21-1802782687-180428704-2922416880-1106)
>> kpasswdd: Password must be at least 7 characters long, and cannot match
>> any of your 24 previous passwords
>>
>> I get this regardless of what password I try. For the record, I tried
>> Secret$1 and Secret$2, both of which meet the first condition and which
>> I've tried for the first time ever.
>>
>> Can anyone confirm this behavior?
>
> That's an odd one.
>
> Perhaps it's a minimum password age?
>
> Andrew Bartlett
More information about the samba
mailing list