[Samba] parameter "Password must change" doesn't work correctly
petr.sevcik at linuxbox.cz
petr.sevcik at linuxbox.cz
Wed Apr 5 07:30:19 UTC 2017
Hi,
I have problem with samba in AD domain mode. When I change parameter
"Password must change" to 0 for some users windows doesn't open dialog for
password changing during first login. User login to windows with expired
password and cannot open network shares. For users it is confusing. After
second login of same user, dialog for pasword change shows and user can
change password. In LDAP looks everything fine. I didn't find difference
between user where works "password must change" on first login and the user
where "password must change" doesn't work on first login.
Do you have some idea?
My configuration:
Samba AD PDC
Version 4.3.13
smb.conf
[global]
workgroup = DOMAIN
realm = domain.com
netbios name = server
interfaces = lo eth0
bind interfaces only = Yes
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
log level = 3
log file = /var/log/samba/log.%U
pdbedit list of problem user
Unix username: petr.sevcik
NT username:
Account Flags: [U ]
User SID: S-1-5-21-0934500099-2342309098-6523098409-1130
Primary Group SID: S-1-5-21-0934500099-2342309098-6523098409-513
Full Name: Sevcik
Home Directory:
HomeDir Drive: (null)
Logon Script:
Profile Path:
Domain:
Account desc:
Workstations:
Munged dial:
Logon time: St, 05 04 2017 05:44:01 CEST
Logoff time: Pa, 14 09 30828 04:48:05 CEST
Kickoff time: Pa, 14 09 30828 04:48:05 CEST
Password last set: Ut, 04 04 2017 16:44:29 CEST
Password can change: Ut, 04 04 2017 16:44:29 CEST
Password must change: 0
Last bad password : 0
Bad password count : 0
Logon hours : FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
Thanks
-------------------------------------
Petr Ševčík
-------------------------------------
More information about the samba
mailing list