[Samba] Certificates stop working after password change in legacy domain

Roel van Meer roel at 1afa.com
Thu Mar 12 06:53:40 MDT 2015

Hi list,

we have a problem with users that have personal certificates. When they  
change their password via the Ctrl-Alt-Del prompt, their personal  
certificates can no longer be used to authenticate.

This happens with Windows 7 Professional joined to a Samba legacy domain.
I've tested Samba 4.0.22 and 4.2.0 and they both show the same behaviour.

When I leave the domain, and try it with the client as standalone system, it  
works like it should.

I found a similar thread here: https://lists.samba.org/archive/samba/2013-June/173816.html
but the problem there was with a Samba AD.

Is this something that should work with a legacy domain? If so, could  
someone give me a few pointers on where to start looking for a cause?

Thanks a lot,


More information about the samba mailing list