[Samba] Samba AD/DC, Single-Sign-On, domain users cannot change password
smblist at rednsx.org
Thu Jan 14 14:14:56 UTC 2016
On Thu, 14 Jan 2016, Mark Foley wrote:
> Hmmm, this message is a week old and nothing?
> I know many of you have domain member hosts in your domain and surely are logging in as domain
> users authenticating with the Samba4 AD/DC, right?
> How do you change your password without having the domain Administrator do it for you?
> Trying to change the password from a terminal session using `passwd`
> gives the prompt: "Current Kerberos password:" but entering the current
> domain password is not accepted and the prompt repeats.
I type "passwd" in a shell, and it works as it should. One thing I note is
that it only asks me for my kerberos password if i fail to enter my
Password change failed. Server message: Old password not accepted.
Kerberos 5 Password:
Rowland's suggestion that your PAM configuration is incorrect seems like a
good possibility here.
> Domain users can successfully login to the Linux workstation using their domain credentials,
> but when the user tries to change the password using "Passwords and Keys" from the desktop
> utility, it does nothing.
I don't run Ubuntu, but I did take a look at GNOME's "Passwords and Keys"
as exist in gnome 3.14 in centos 7, and I don't see any way to change the
user's system password from it. I do see "login" under "Passwords", but
it only seems to change the password used to unlock the keyring itself
(which is normally the user's login password), not the user's actual login
password. I don't think this is the right place to change the login
More information about the samba