[Samba] parameter "Password must change" doesn't work correctly
Marc Muehlfeld
mmuehlfeld at samba.org
Wed Apr 5 15:16:14 UTC 2017
Hi Petr,
On 05.04.2017 at 09:30, PeSe via samba wrote:
> I have a problem with Samba in AD domain mode. When I change the parameter
> "Password must change" to 0 for some users, Windows doesn't open the dialog for
> password changing during first login. The user logs in to Windows with an expired
> password and cannot open network shares.
I cannot confirm this using Windows 10 and Samba 4.6.0:
I set pwdLastSet to 0 and when the user tries to log in, he must change
the password. If you press "Cancel", you are back at the login.
http://picpaste.de/pics/screenshot-v3Kcu3Ej.1491404762.png
You said "...for some users...". If this does not happen for all, the
next step is to find out what differs in the user attributes. To display
all attributes of a user, enter on a Samba DC:
# ldbsearch -H /usr/local/samba/private/sam.ldb 'sAMAccountName=user_name'
Compare a working and a non-working account.
> pdbedit list of problem user
This utility is not really compatible with AD. Especially not if you try
to set something. :-)
Did you use pdbedit to set this flag? Then I'm sure this is the cause.
Instead use:
# ldbedit -H /usr/local/samba/private/sam.ldb 'sAMAccountName=user_name'
or RSAT, or any LDAP client.
Regards,
Marc
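
The comparison of a working and a non-working account suggested in the message above can be scripted. The following is an added example, not part of the original post or of Samba: it parses two single-record LDIF outputs saved from `ldbsearch` and reports only the attributes that differ. The sample records, the ignore list and the `userAccountControl` flag table (Microsoft's documented bit values) are assumptions made for illustration.

```python
import base64

# Attributes that differ between any two accounts regardless of policy.
IDENTITY_ATTRS = {"dn", "cn", "name", "distinguishedName", "sAMAccountName",
                  "userPrincipalName", "objectGUID", "objectSid",
                  "whenCreated", "whenChanged", "uSNCreated", "uSNChanged"}
# userAccountControl bits (values as documented by Microsoft; not from the post).
UAC_FLAGS = {0x2: "ACCOUNTDISABLE", 0x20: "PASSWD_NOTREQD", 0x200: "NORMAL_ACCOUNT",
             0x10000: "DONT_EXPIRE_PASSWORD", 0x40000: "SMARTCARD_REQUIRED"}

def parse_ldif(text):
    """Parse one ldbsearch LDIF record into {attribute: set(values)}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:        # folded continuation line
            lines[-1] += raw[1:]
        elif raw and not raw.startswith("#"):    # skip blanks and "# record 1"
            lines.append(raw)
    record = {}
    for line in lines:
        attr, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        record.setdefault(attr, set()).add(value.strip())
    return record

def decode_uac(value):
    """Names of the known flags set in a userAccountControl value."""
    return sorted(n for bit, n in UAC_FLAGS.items() if int(value) & bit)

def diff_accounts(working, broken, ignore=IDENTITY_ATTRS):
    """Return {attr: (working_values, broken_values)} for attributes that differ."""
    a, b = parse_ldif(working), parse_ldif(broken)
    return {k: (sorted(a.get(k, ())), sorted(b.get(k, ())))
            for k in sorted((a.keys() | b.keys()) - ignore)
            if a.get(k, set()) != b.get(k, set())}

# Constructed sample records, not real directory data.
WORKING = ("# record 1\ndn: CN=alice,CN=Users,DC=example,DC=com\n"
           "sAMAccountName: alice\nuserAccountControl: 512\npwdLastSet: 0\n"
           "description:: dGVzdCB1c2Vy\n")
BROKEN = ("# record 1\ndn: CN=bob,CN=Users,\n DC=example,DC=com\n"
          "sAMAccountName: bob\nuserAccountControl: 66048\npwdLastSet: 0\n"
          "description: test user\n")

if __name__ == "__main__":
    for attr, (w, b) in diff_accounts(WORKING, BROKEN).items():
        print(attr, w, b, decode_uac(b[0]) if attr == "userAccountControl" else "")
```

Base64-encoded values (`attr::`) and folded lines are normalised before comparison, so the same value stored in two encodings is not reported as a difference.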