[Samba] Can Logon & Join NT4-style Domain, Can't Change Password
vl at samba.org
Fri Aug 19 09:30:33 UTC 2016
There's not much Samba can do here except recommend moving to a recent
Samba version and switch to AD. Windows 10 more and more expects AD.
On Fri, Aug 19, 2016 at 11:20:51AM +0200, Wietse Driever via samba wrote:
> Hallo All,
> After updating Windows 10 to the latest versions i can confirm Windows 10
> is also unable to change passwords.
> I found this information:
> Known issues in this security update
> This security update disables the ability of the Negotiate process to fall
> back to NTLM when Kerberos authentication fails for password change
> Currently, the ability to change the passwords of disabled or locked-out
> accounts is supported only by NTLM. It is not supported by the Kerberos
> This security update prevents the Negotiate process from falling back to
> NTLM for password change operations when Kerberos authentication fails.
> therefore, you will no longer be able to change the password for disabled
> or locked-out accounts after you install this security update.
> It is not secure to change disabled or locked-out user account passwords by
> using NTLM. This is why the ability of Negotiate to fall back to NTLM is
> disabled by this security update.
> Note Even though you can no longer change the password for disabled or
> locked accounts, you can set the password by using Active Directory-based
> I hope someone can help me fix this without having to block updates.
> Because in Windows 10 it is part of a large cumulative update.
> 2016-08-19 10:27 GMT+02:00 Wietse Driever <wdriever at gmail.com>:
> > Hello Bill,
> > We have the same problems with our users. After some recent updates they
> > are unable to change there passwords. We have many networks at different
> > locations and more and more reports are starting to come in now.
> > We are using:
> > centos 6.8
> > kernel: 2.6.32.-642.1.1.el6.x86_64
> > smbd -V: 3.6.23-25.el6_7
> > I noticed Windows 10 enterprise machines are not affected yet.
> > I am sorry if my post was not correctly formatted, this is the first time
> > and i did not have time to read all the rules. Just wanted to let you now
> > we are facing the same issues. I still have to test the update rollback.
> > I will let you all now if this also worked for us.
> > Greetings,
> > Wietse Driever
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba