[Samba] Windows users can't change password 4.1.6

Michał Półrolniczak michal.polrolniczak at warp.org.pl
Mon Feb 2 23:05:50 MST 2015

Actually it does. But there was a topic here about it not being harmful.
Still, this setup worked like a charm from the beginning, and broke a bit in 

On 2015-02-02 at 20:04, Tim wrote:
> Just to be sure: Your real realm does not end with .local, right? In 
> another thread it was not recommended to use the TLD .local. The wiki 
> says this also.
> On 2 February 2015 12:25:46 CET, "Michał Półrolniczak" 
> <michal.polrolniczak at warp.org.pl> wrote:
>     the smb.conf for samba 4.1.6-Ubuntu
>     [global]
>               workgroup = DOMAIN
>               realm = DOMAIN.LOCAL
>               netbios name = ubuntu
>               server role = active directory domain controller
>               dns forwarder =  <>
>               idmap_ldb:use rfc2307 = yes
>               #log level = 3
>     [netlogon]
>               path = /var/lib/samba/sysvol/domain.local/scripts
>               read only = No
>     [sysvol]
>               path = /var/lib/samba/sysvol
>               read only = No
>     This is the config for samba.
>     Everything was fine until some people reported that they can't change their password.
>     Oh, the config for the secondary (backup) AD domain controller looks the same,
>     only the netbios name is different.
>     The sysvol is replicating via rsync like the wiki suggests.
>     On 2015-01-28 at 19:25, Ricky Nance wrote:
>         On Wed, Jan 28, 2015 at 2:09 AM, Michał Półrolniczak
>         <michal.polrolniczak at warp.org.pl> wrote:
>
>         On 2015-01-27 at 18:42, Marc Muehlfeld wrote:
>
>         Hello Michał,
>
>         On 27.01.2015 at 07:08, Michał Półrolniczak wrote:
>
>         When changing the password via Windows Logon it doesn't say it
>         changed it, it says that the new password that I entered is not
>         valid with the password policy settings, and wasn't changed.
>
>         Does it meet the requirements?
>         https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx
>         See 'samba-tool domain passwordsettings --help' if you wanna
>         change domain wide password settings.
>
>         But if you try to change the old password once more (even with
>         the same password you entered right before) it says that the
>         user name or password is invalid. And you can not log in anymore
>         using the old or new password.
>
>         That's strange. Never heard that. Let me try to reproduce this.
>         - Which Windows OS do you try to do the PW change on?
>         - Give an example password that isn't accepted and after that
>           you get into this situation.
>
>         Regards, Marc
>
>         Hello,
>         I need to add that this problem ain't just after installation.
>         When samba was installed it was working good - that's why it's
>         hard for you to reproduce this problem.
>
>         #sudo samba-tool domain passwordsettings show
>         Password informations for domain 'DC=domain,DC=local'
>         Password complexity: on
>         Store plaintext passwords: off
>         Password history length: 24
>         Minimum password length: 7
>         Minimum password age (days): 1
>         Maximum password age (days): 42
>
>         If you need, please provide me with information on what log you
>         need and how to collect it for you. I can try to upgrade it with
>         the tar.gz from the website but I'm really not sure how to
>         transfer my database from the Samba that I installed from the
>         Ubuntu repo to the Samba compiled on my own.
>
>         -- To unsubscribe from this list go to the following URL and
>         read the instructions:
>         https://lists.samba.org/mailman/options/samba
>
>         Michal, can you paste the [global] section of your config
>         here? You can mask parts of it if needed, but you mention PDC
>         in your first post, and later you are using the AD DC
>         (samba-tool) command for things.
