[Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM

Leonardo Bruno Lopes leonardo at cefetmg.br
Fri Apr 7 20:32:37 UTC 2017

Hi everyone!

I have a LDAP with all my users' accounts, each one with the
sambaNTPassaword correctly defined. I also have a freshly installed Samba
4.2 running on a Debian 8.7 box.

I followed the instructions described by Steve ThompsSmabon here
<https://lists.samba.org/archive/samba/2014-June/182196.html> and I am able
to create a Samba 4 domain account ('samba-tool user add ...
--random-password ..') and then redefine the password directly using
'ldbmodify' and the sambaNTPassaword value 'hashed' by the Python scritp.

As you may have noticed, I don't want to ask for the users to type their
passwords again, and I want to make sure that LDAP password and Samba
domain password are always the same. On a second moment - after all
accounts were creates - I will keep it synchronized using a management

'smbclient' works (authenticates) normally. The problem is that I can't
login into domain from a Windows 7 VM using the user and password I create
using the scripts/commands from the thread I linked above.

Besides, I can confirm that the 'unicodePwd' value generated by 'samba-tool
user setpassword ...' Is the same that the one generated by the Python
script (I used 'ldbsearch -H ... unicodePwd' to get the things checked).

Is there any other step I should take in order to get Windows logon working
normally with the accounts I create that way?

Thanks in advance, regards.

Esta mensagem foi verificada pelo sistema de antivĂ­rus e
 acredita-se estar livre de perigo.

More information about the samba mailing list