[Samba] Samba AD/DC, Single-Sign-On, domain users cannot change password

Mark Foley mfoley at ohprs.org
Fri Jan 8 17:10:16 UTC 2016

I have successfully joined my Linux/Ubuntu workstation to the Samaba AD/DC domain thanks to
help from Rowland Penny.

Now I face an interesting problem ... Domain users cannot change their password.

Domain users can successfully login to the Linux workstation using their domain credentials,
but when the user tries to change the password using "Passwords and Keys" from the desktop
utility, it does nothing.

Trying to change the password from a terminal session using `passwd` gives the prompt: "Current
Kerberos password:" but entering the current domain password is not accepted and the prompt repeats.

If the Domain Administrator set the user's account to "User must change password at next
login", or if the domain policy expires passwords after so-many days, the user cannot log into
the Linux workstations -- the display manager login dialog spins for several minutes, then
shows, "Invalid password, please try again."

This is serious. How does a domain user change his own password? 



More information about the samba mailing list