[Samba] Can Logon & Join NT4-style Domain, Can't Change Password
L.P.H. van Belle
belle at bazuin.nl
Fri Aug 19 09:26:39 UTC 2016
With samba 4 in AD mode.. I can change, without any problem my password.
(Win7 64bit and win 10 64 Bit), with all ms patches on the systems.
So maybe.. its time to upgrade you samba NT4 style to AD.
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Wietse Driever
> via samba
> Verzonden: vrijdag 19 augustus 2016 11:21
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Can Logon & Join NT4-style Domain, Can't Change
> Hallo All,
> After updating Windows 10 to the latest versions i can confirm Windows 10
> is also unable to change passwords.
> I found this information:
> Known issues in this security update
> This security update disables the ability of the Negotiate process to fall
> back to NTLM when Kerberos authentication fails for password change
> Currently, the ability to change the passwords of disabled or locked-out
> accounts is supported only by NTLM. It is not supported by the Kerberos
> This security update prevents the Negotiate process from falling back to
> NTLM for password change operations when Kerberos authentication fails.
> therefore, you will no longer be able to change the password for disabled
> or locked-out accounts after you install this security update.
> It is not secure to change disabled or locked-out user account passwords
> using NTLM. This is why the ability of Negotiate to fall back to NTLM is
> disabled by this security update.
> Note Even though you can no longer change the password for disabled or
> locked accounts, you can set the password by using Active Directory-based
> I hope someone can help me fix this without having to block updates.
> Because in Windows 10 it is part of a large cumulative update.
> 2016-08-19 10:27 GMT+02:00 Wietse Driever <wdriever at gmail.com>:
> > Hello Bill,
> > We have the same problems with our users. After some recent updates they
> > are unable to change there passwords. We have many networks at different
> > locations and more and more reports are starting to come in now.
> > We are using:
> > centos 6.8
> > kernel: 2.6.32.-642.1.1.el6.x86_64
> > smbd -V: 3.6.23-25.el6_7
> > I noticed Windows 10 enterprise machines are not affected yet.
> > I am sorry if my post was not correctly formatted, this is the first
> > and i did not have time to read all the rules. Just wanted to let you
> > we are facing the same issues. I still have to test the update rollback.
> > I will let you all now if this also worked for us.
> > Greetings,
> > Wietse Driever
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba