[Samba] Cannot change passwords on Active Directory Samba from clients
Luke Barone
lukebarone at gmail.com
Sat Jun 3 00:49:09 UTC 2017
I'll need to check on Monday and get back to you
On Jun 2, 2017 5:47 PM, "Elias Pereira via samba" <samba at lists.samba.org>
wrote:
> Anything in the logs?
>
> On Fri, Jun 2, 2017 at 8:01 PM, Luke Barone via samba <
> samba at lists.samba.org
> > wrote:
>
> > Hi list,
> >
> > We are working on getting Samba version 4.5.8-debian (on Stretch) with
> > Active Directory running, and we are running into a major road block.
> > Clients (Windows 7 Pro, Windows 10 Pro and Educational) cannot change
> their
> > passwords on their own. We can force the user to reset the password for
> > their next login (works), or reset the password with ADUC RSAT as the
> > Domain Admin. If the user tries to use "Change Password" from the Ctrl
> Alt
> > Delete menu, it fails with the message:
> >
> > Unable to update the password. The value provided for the new password
> does
> > not meet the length complexity, or history requirements of the domain
> >
> > We are out of ideas, and Google is not helping much. Below is the
> smb.conf
> > file from the main domain controller (we troubleshooted by even shutting
> > down the secondary DC):
> >
> > # Global parameters
> > [global]
> > bind interfaces only = Yes
> > interfaces = lo enp0s17
> > netbios name = DC1
> > realm = <FQDN>
> > workgroup = <DOMAIN>
> > dns forwarder = <DNS SERVER>
> > server role = active directory domain controller
> > winbind separator = /
> > idmap_ldb:use rfc2307 = yes
> > comment =
> > [netlogon]
> > path = /var/lib/samba/sysvol/<DOMAIN>/scripts
> > read only = No
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> > We have disabled all the password policies in Group Policy Management
> > Console, as well as using samba-tool domain passwordsettings to disable
> any
> > restrictions, such as minimum password age, and password complexity.
> >
> > What are our next steps?
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> Elias Pereira
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list