[Samba] Certificates stop working after password change in legacy domain

Roel van Meer roel at 1afa.com
Mon Mar 16 07:15:47 MDT 2015


Andrew Bartlett writes:

> > we have a problem with users that have personal certificates. When they
> > change their password via the Ctrl-Alt-Del prompt, their personal
> > certificates can no longer be used to authenticate.
>
> I strongly suspect this is because the BackupKey RPC is not implemented
> in the Samba classic DC.
>
> > If so, could
> > someone give me a few pointers on where to start looking for a cause?
>
> Take a test system, and on an isolated network upgrade to a Samba AD DC.
> If you use Samba 4.2.0, this should then allow password changes.

An upgrade to Samba AD DC is scheduled for later this year. I'll postpone  
this until then.

Thanks for your answer!

Roel



More information about the samba mailing list