[Samba] How to change Domain password as normal user?

Rowland Penny rpenny at samba.org
Mon Apr 16 18:46:35 UTC 2018


On Mon, 16 Apr 2018 14:12:02 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:

> Still having daily problems. Yesterday, again, I reset the user
> password from the AD/DC as the domain administrator: samba-tool user
> setpassword mark
> 
> Today, I was unable to log in. The only message in the log.samba file
> is:
> 
> [2018/04/16 14:02:12.199145,
> 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv)
> auth_check_password_recv: sam_ignoredomain authentication for user
> [HPRS\mark] FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT
> 
> There are no preceeding messages with invalid passwords, etc. If I
> reset the password as domain administrator I get locked out sometime
> a day later. This is consistently repeatable.
> 
> How do I fix this? This is an urgent problem.
> 
> If this list is not the right place for this question, please advise.
> 

The problem is that the locking out probably has nothing to do
with the password change, other than the password has been changed.

See here for what to check for:

https://www.lepide.com/blog/what-are-the-common-root-causes-of-account-lockouts-and-do-i-resolve-them/

The other problem is, you really need Samba 4.7.0 onwards to get the
authentication attempts in the logs, so it looks like you need to
upgrade, but do not upgrade to 4.8.0

There is probably something trying to auth with a stale password, but
with your Samba version it will be hard to discover what.

Rowland



More information about the samba mailing list