[Samba] Samba AD/DC, Single-Sign-On, domain users cannot change password

Guilherme Boing kolt+samba at frag.com.br
Tue Jan 19 09:56:04 UTC 2016

I remember that I was never able to change the AD password, but I made
passwd work.. kind of.
When I used passwd, the password would change on "unixPassword" attribute,
however it would still be possible to use the AD password (and AD password
wouldn't change at all).

So, in the end, I had two different passwords that would authenticate:
unixPassword (that didn't exist until I used passwd) and the AD password
(that I was never able to change using passwd).

On Fri, Jan 8, 2016 at 3:10 PM, Mark Foley <mfoley at ohprs.org> wrote:

> I have successfully joined my Linux/Ubuntu workstation to the Samaba AD/DC
> domain thanks to
> help from Rowland Penny.
> Now I face an interesting problem ... Domain users cannot change their
> password.
> Domain users can successfully login to the Linux workstation using their
> domain credentials,
> but when the user tries to change the password using "Passwords and Keys"
> from the desktop
> utility, it does nothing.
> Trying to change the password from a terminal session using `passwd` gives
> the prompt: "Current
> Kerberos password:" but entering the current domain password is not
> accepted and the prompt repeats.
> If the Domain Administrator set the user's account to "User must change
> password at next
> login", or if the domain policy expires passwords after so-many days, the
> user cannot log into
> the Linux workstations -- the display manager login dialog spins for
> several minutes, then
> shows, "Invalid password, please try again."
> This is serious. How does a domain user change his own password?
> --Mark
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list