[Samba] Windows users can't change password 4.1.6

Michał Półrolniczak michal.polrolniczak at warp.org.pl
Mon Feb 2 04:25:46 MST 2015 

the smb.conf for samba 4.1.6-Ubuntu
[global]
         workgroup = DOMAIN
         realm = DOMAIN.LOCAL
         netbios name = ubuntu
         server role = active directory domain controller
         dns forwarder = 8.8.8.8
         idmap_ldb:use rfc2307 = yes
         #log level = 3

[netlogon]
         path = /var/lib/samba/sysvol/domain.local/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No
This is the config for samba.

Everything was fine till some people report that can't change password..

Oh the config for secondary (backup) AD domain controller look same, 
only netbios name is different.
The sysvol is replicationg via rsync like the wiki suggest.

W dniu 2015-01-28 o 19:25, Ricky Nance pisze:
>
> On Wed, Jan 28, 2015 at 2:09 AM, Michał Półrolniczak 
> <michal.polrolniczak at warp.org.pl 
> <mailto:michal.polrolniczak at warp.org.pl>> wrote:
>
>
>
>     W dniu 2015-01-27 o 18:42, Marc Muehlfeld pisze:
>
>         Hello Michał,
>
>         Am 27.01.2015 um 07:08 schrieb Michał Półrolniczak:
>
>             When changing password via Windows Logon it doesn't say it
>             change it, it
>             say that new password that I entered is not valid with
>             password politic
>             settings, and wasn't change.
>
>         Does it met the requirements?
>         https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx
>
>         See 'samba-tool domain passwordsettings --help' if you wanna
>         change
>         domain wide password settings.
>
>
>
>             But if you try to change the old password once more (even
>             with the same
>             password you enter right before) it say that the user name
>             or password
>             is invalid.
>             And you can not log anymore using old or new password.
>
>         That's strange. Never heard that. Let me try to reprocuce this.
>         - Which Windows OS do you try to do the PW change on?
>         - Give an example password that isn't accepted and after that
>            you get into this situation.
>
>
>         Regards,
>         Marc
>
>
>     Hello,
>
>     I need to add that this problem ain't just after installation.
>     When samba was installed it was working good - that why its hard
>     for you to reproduce this problem.
>
>     #sudo samba-tool domain passwordsettings show
>     Password informations for domain 'DC=domain,DC=local'
>
>     Password complexity: on
>     Store plaintext passwords: off
>     Password history length: 24
>     Minimum password length: 7
>     Minimum password age (days): 1
>     Maximum password age (days): 42
>
>     If you need please provide me with information what log you need
>     and how to collect it for you.
>
>     I can try to upgrade it with tar.gz from website but I really not
>     sure how to transfer my database from Samba that I installed from
>     Ubuntu Repo to the samba compiled by my own.
>
>
>     -- 
>     To unsubscribe from this list go to the following URL and read the
>     instructions: https://lists.samba.org/mailman/options/samba
>
>
> Michal, can you paste the [global] section of your config here? You 
> can mask parts of it if needed, but you mention PDC in your first 
> post, and later you are using the AD DC (samba-tool) command for things.
>

More information about the samba mailing list