[Samba] Samba AD/DC, Single-Sign-On, domain users cannot change password
Mark Foley
mfoley at ohprs.org
Fri Jan 15 05:31:14 UTC 2016
On Thu, January 14, 2016 Sketch wrote:

> I type "passwd" in a shell, and it works as it should. One thing I note is
> that it only asks me for my kerberos password if I fail to enter my
> password correctly.

Not for me. I *always* get the kerberos password prompt. I have the minimum_uid=10000 in
/etc/pam.d/common-password above which are my domain users. Anyway, would passwd know how to
change a domain user not in the /etc/passwd file?

> Rowland's suggestion that your PAM configuration is incorrect seems like a
> good possibility here.

Rowland helped me set PAM up in the first place and I've asked him for advice on what might be
wrong.

I agree with you about the "Passwords and Keys" function, it doesn't let you actually change
your user login password. In fact, I don't really see the use for this utility at all.

I wonder how normal at-home Cinnamon desktop users change their actual login password? Surely
there must be a way. I'm too new with all this GUI desktop stuff to know the answer.

Thanks for your feedback. I'm going to research Rowland's suggested gdm3 and post back results.

--Mark

-----Original Message-----
> Date: Thu, 14 Jan 2016 08:14:56 -0600 (CST)
> From: Sketch <smblist at rednsx.org>
> To: Mark Foley <mfoley at ohprs.org>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Samba AD/DC, Single-Sign-On,
> domain users cannot change password
>
> On Thu, 14 Jan 2016, Mark Foley wrote:
>
> > Hmmm, this message is a week old and nothing?
> >
> > I know many of you have domain member hosts in your domain and surely are logging in as domain
> > users authenticating with the Samba4 AD/DC, right?
> >
> > How do you change your password without having the domain Administrator do it for you?
>
> > Trying to change the password from a terminal session using `passwd`
> > gives the prompt: "Current Kerberos password:" but entering the current
> > domain password is not accepted and the prompt repeats.
>
> I type "passwd" in a shell, and it works as it should. One thing I note is
> that it only asks me for my kerberos password if I fail to enter my
> password correctly.
>
> Current Password:
> Password change failed. Server message: Old password not accepted.
> Kerberos 5 Password:
>
> Rowland's suggestion that your PAM configuration is incorrect seems like a
> good possibility here.
>
> > Domain users can successfully login to the Linux workstation using their domain credentials,
> > but when the user tries to change the password using "Passwords and Keys" from the desktop
> > utility, it does nothing.
>
> I don't run Ubuntu, but I did take a look at GNOME's "Passwords and Keys"
> as exists in GNOME 3.14 in CentOS 7, and I don't see any way to change the
> user's system password from it. I do see "login" under "Passwords", but
> it only seems to change the password used to unlock the keyring itself
> (which is normally the user's login password), not the user's actual login
> password. I don't think this is the right place to change the login
> password.
>