[Samba] Windows users can't change password 4.1.6

Tim lists at kiuni.de
Mon Feb 2 12:04:09 MST 2015 

Just to be sure: Your real realm does not end with .local, right? In an another thread it was not recommended to use TLD .local. The wiki says this also.

Am 2. Februar 2015 12:25:46 MEZ, schrieb "Michał Półrolniczak" <michal.polrolniczak at warp.org.pl>:
>the smb.conf for samba 4.1.6-Ubuntu
>[global]
>         workgroup = DOMAIN
>         realm = DOMAIN.LOCAL
>         netbios name = ubuntu
>         server role = active directory domain controller
>         dns forwarder = 8.8.8.8
>         idmap_ldb:use rfc2307 = yes
>         #log level = 3
>
>[netlogon]
>         path = /var/lib/samba/sysvol/domain.local/scripts
>         read only = No
>
>[sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>This is the config for samba.
>
>Everything was fine till some people report that can't change
>password..
>
>Oh the config for secondary (backup) AD domain controller look same, 
>only netbios name is different.
>The sysvol is replicationg via rsync like the wiki suggest.
>
>W dniu 2015-01-28 o 19:25, Ricky Nance pisze:
>>
>> On Wed, Jan 28, 2015 at 2:09 AM, Michał Półrolniczak 
>> <michal.polrolniczak at warp.org.pl 
>> <mailto:michal.polrolniczak at warp.org.pl>> wrote:
>>
>>
>>
>>     W dniu 2015-01-27 o 18:42, Marc Muehlfeld pisze:
>>
>>         Hello Michał,
>>
>>         Am 27.01.2015 um 07:08 schrieb Michał Półrolniczak:
>>
>>             When changing password via Windows Logon it doesn't say
>it
>>             change it, it
>>             say that new password that I entered is not valid with
>>             password politic
>>             settings, and wasn't change.
>>
>>         Does it met the requirements?
>>        
>https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx
>>
>>         See 'samba-tool domain passwordsettings --help' if you wanna
>>         change
>>         domain wide password settings.
>>
>>
>>
>>             But if you try to change the old password once more (even
>>             with the same
>>             password you enter right before) it say that the user
>name
>>             or password
>>             is invalid.
>>             And you can not log anymore using old or new password.
>>
>>         That's strange. Never heard that. Let me try to reprocuce
>this.
>>         - Which Windows OS do you try to do the PW change on?
>>         - Give an example password that isn't accepted and after that
>>            you get into this situation.
>>
>>
>>         Regards,
>>         Marc
>>
>>
>>     Hello,
>>
>>     I need to add that this problem ain't just after installation.
>>     When samba was installed it was working good - that why its hard
>>     for you to reproduce this problem.
>>
>>     #sudo samba-tool domain passwordsettings show
>>     Password informations for domain 'DC=domain,DC=local'
>>
>>     Password complexity: on
>>     Store plaintext passwords: off
>>     Password history length: 24
>>     Minimum password length: 7
>>     Minimum password age (days): 1
>>     Maximum password age (days): 42
>>
>>     If you need please provide me with information what log you need
>>     and how to collect it for you.
>>
>>     I can try to upgrade it with tar.gz from website but I really not
>>     sure how to transfer my database from Samba that I installed from
>>     Ubuntu Repo to the samba compiled by my own.
>>
>>
>>     -- 
>>     To unsubscribe from this list go to the following URL and read
>the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>> Michal, can you paste the [global] section of your config here? You 
>> can mask parts of it if needed, but you mention PDC in your first 
>> post, and later you are using the AD DC (samba-tool) command for
>things.
>>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list