[Samba] Samba AD changing a user's password as non-root user
Andrey Repin
anrdaemon at yandex.ru
Tue Apr 14 17:06:20 MDT 2015
Greetings, Roel van Meer!
> I'm using Samba in an AD setup, (version 4.2.0) and I'm looking for a way to
> change the password of a user from the command line, as a non-root user.
> I know I can use 'smbpasswd', 'samba-tool user setpassword', or 'samba-tool
> user password', but these all seem to require root privileges. When I run
> them as root, they work, but when I run them as non-root user, I get:
> user1a at test-s4ad:~$ smbpasswd -U dago
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> SAMR connection to machine NT_STATUS_ACCESS_DENIED failed. Error was
> 127.0.0.1, but LANMAN password changes are disabled
> or
> user1a at test-s4ad:~$ samba-tool user password -U dago
> Password for [S4\dago]:
> New Password:
> Retype Password:
> ERROR: Failed to change password : samr_ChangePasswordUser3 for 'S4\dago' failed: NT_STATUS_ACCESS_DENIED
> So, is there a possibility to change the password of one user with a
> commandline tool run by another user (provided he has the old password, of
> course)?
> Thanks a lot,
> Roel
> PS: In case it matters, my (stripped down) smb.conf is:
> [global]
> workgroup = S4
> realm = s4.local
> netbios name = TEST-S4AD
> server string = test-s4ad
> server role = active directory domain controller
Are you actually trying to do it on a domain controller?
Then this just won't work.
> server role check:inhibit = yes
> server services = s3fs rpc wrepl ldap cldap kdc drepl winbind ntp_signd kcc dnsupdate dns
> security = auto
> idmap_ldb:use rfc2307 = yes
> interfaces = 192.168.3.3/24 127.255.255.255/8
> bind interfaces only = Yes
> hosts allow = 192.168.3.0/255.255.255.0 127.0.0.1 LOCAL/unixdom
> dns forwarder = 127.0.0.2
> I've already tried adding:
> lanman auth = Yes
> client lanman auth = Yes
> but that didn't change anything.
--
With best regards,
Andrey Repin
Wednesday, April 15, 2015 02:05:36
Sorry for my terrible english...
More information about the samba
mailing list