[Samba] Samba4 and Windows 7 password change
mueller at tropenklinik.de
Thu Sep 9 13:06:41 MDT 2010
On Thu, 09 Sep 2010 19:22:37 +1000, Andrew Bartlett <abartlet at samba.org>
> On Wed, 2010-09-08 at 22:07 -0500, Philip M. White wrote:
>> Hi, all,
>> With the latest Samba4, I am not able to change a user's password via
>> Windows 7.
>> I was able to successfully set a password from within RSAT's Users
>> adding a new user, but that user cannot change his own password.
>> When I try, Windows 7 tells me that the server rejected the password
Hi in Samba4 you need:
Password Policy Settings!!
Along with Samba4 the Password Policy you can only set from console, with
'net pwsettings ' command.
net pwsettings –help:
usage: (show | set <options>)
-h, --help show this help message and exit
-H H LDB URL for database or target server
--quiet Be quiet
The password complexity (on | off | default).
The password history length (<integer> | default).
Default is 24.
The minimum password length (<integer> | default).
Default is 7.
The minimum password age (<integer in days> |
default). Default is 1.
The maximum password age (<integer in days> |
default). Default is 43.
Samba Common Options:
-s FILE, --configfile=FILE
-d DEBUGLEVEL, --debuglevel=DEBUGLEVEL
--option=OPTION set smb.conf option from command line
--realm=REALM set the realm name
DN to use for a simple bind
-U USERNAME, --username=USERNAME
-W WORKGROUP, --workgroup=WORKGROUP
-N, --no-pass Don't ask for a password
-k KERBEROS, --kerberos=KERBEROS
--version Display version number
So I set my Password Policy:
net pwsettings set –--complexity=off
net pwsettings set ---max-pwd-age=60 #<---60 Days
net pwsettings set –min-pwd-length=5
net pwsettings show:
net pwsettings show
Password informations for domain 'DC=mydomain,DC=my,DC=dom'
Password complexity: off
Password history length: 24
Minimum password length: 5
Minimum password age (days): 1
Maximum password age (days): 60
Then change your passwords in your windows7 client.
>> change because the new password doesn't meet the complexity/length
>> On Samba's end, I see this:
>> Changing password of PMWWORLD\sue
>> kpasswdd: Password must be at least 7 characters long, and cannot match
>> any of your 24 previous passwords
>> I get this regardless of what password I try. For the record, I tried
>> Secret$1 and Secret$2, both of which meet the first condition and which
>> I've tried for the first time ever.
>> Can anyone confirm this behavior?
> That's an odd one.
> Perhaps it's a minimum password age?
> Andrew Bartlett
More information about the samba