[Samba] Can Logon & Join NT4-style Domain, Can't Change Password

Volker Lendecke vl at samba.org
Fri Aug 19 09:30:33 UTC 2016 

Hi!

There's not much Samba can do here except recommend moving to a recent
Samba version and switch to AD. Windows 10 more and more expects AD.

Volker

On Fri, Aug 19, 2016 at 11:20:51AM +0200, Wietse Driever via samba wrote:
> Hallo All,
> 
> After updating Windows 10 to the latest versions i can confirm Windows 10
> is also unable to change passwords.
> 
> I found this information:
> https://support.microsoft.com/en-us/kb/3167679
> ----
> Known issues in this security update
> 
> This security update disables the ability of the Negotiate process to fall
> back to NTLM when Kerberos authentication fails for password change
> operations.
> 
> Currently, the ability to change the passwords of disabled or locked-out
> accounts is supported only by NTLM. It is not supported by the Kerberos
> protocol.
> This security update prevents the Negotiate process from falling back to
> NTLM for password change operations when Kerberos authentication fails.
> therefore, you will no longer be able to change the password for disabled
> or locked-out accounts after you install this security update.
> It is not secure to change disabled or locked-out user account passwords by
> using NTLM. This is why the ability of Negotiate to fall back to NTLM is
> disabled by this security update.
> 
> Note Even though you can no longer change the password for disabled or
> locked accounts, you can set the password by using Active Directory-based
> tools.
> ----
> 
> I hope someone can help me fix this without having to block updates.
> Because in Windows 10 it is part of a large cumulative update.
> 
> Greetings,
> 
> Wietse
> 
> 
> 2016-08-19 10:27 GMT+02:00 Wietse Driever <wdriever at gmail.com>:
> 
> > Hello Bill,
> >
> > We have the same problems with our users. After some recent updates they
> > are unable to change there passwords. We have many networks at different
> > locations and more and more reports are starting to come in now.
> >
> > We are using:
> > centos 6.8
> > kernel: 2.6.32.-642.1.1.el6.x86_64
> > smbd -V: 3.6.23-25.el6_7
> >
> > I noticed Windows 10 enterprise machines are not affected yet.
> >
> > I am sorry if my post was not correctly formatted, this is the first time
> > and i did not have time to read all the rules. Just wanted to let you now
> > we are facing the same issues. I still have to test the update rollback.
> >
> > I will let you all now if this also worked for us.
> >
> > Greetings,
> >
> > Wietse Driever
> >
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list