[Samba] Changing expired Samba AD password during Windows login
Ken McDonald
ken at generation.tech
Thu Jan 18 03:01:07 UTC 2018
I'm running a Samba AD 4.7.4 and cannot set a new password for a user
with an expired password during login from a Windows PC. Changing a
password from inside a login with cntl-alt-del "change password" works ok.
I've already decreased the minimum password age to 0
samba-tool domain passwordsettings show
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 0
Maximum password age (days): 42
Account lockout duration (mins): 30
Account lockout threshold (attempts): 0
Reset account lockout after (mins): 30
My Samba install is brand new and the Windows PC is a clean test PC. I'm
running on Ubuntu 16.04.3 and had to compile from source Samba 4.7.4
after compiling from source krb5 1.15.2. All other build dependencies
came from default Ubuntu 16.04.3 repos
smb.conf
# Global parameters
[global]
dns forwarder = xxx.xxx.xxx.xxx
netbios name = DCNAME
realm = DOMAINNAME.DOMAIN.COM
server role = active directory domain controller
workgroup = DOMAINNAME
idmap_ldb:use rfc2307 = yes
log level = 5
[netlogon]
path =
/usr/local/samba/var/locks/sysvol/domainname.domain.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
More information about the samba
mailing list