[Samba] change passord sssd-client

Andrew Bartlett abartlet at samba.org
Mon Mar 20 20:26:14 UTC 2017

On Mon, 2017-03-20 at 16:38 -0300, josé Roberto via samba wrote:
> Hi,
> I'm trying to migrate to samba4 and had the following issue:
> I have SSSD configured to authenticate users on linux machines that I
> get
> from a samba4 service through LDAP endpoint. Users are successfuly
> authenticated in the system, but I can't manage to change password of
> these
> users from command line. When I try to use passwd command, i got the
> following:
> Password change failed. Server message: Extended
> Operation( not supported
> passwd: Authentication token manipulation error
> passwd: password unchanged
> I saw in another forums that it's possible to bypass this error
> changing
> permissions from the user that is authenticating on LDAP base to
> write
> other users passwords, but in this case it's a samba4 base using a
> interface. Is it possible to grant this kind of permission to the
> user
> authenticating through LDAP?

sssd should be able to change passwords over kpasswd or ldap (with the
AD method, which is over unicodePwd), but sadly Samba does not support
the extended operation method yet.  We would love to support it, but
that requires engineering at this stage.


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list