[Samba] Changing expired Samba AD password during Windows login
Ken McDonald
ken at generation.tech
Sat Jan 20 14:39:33 UTC 2018
Thanks for the help, however I don't think your suggestion applies in my
case. On a fresh install of Samba 4.7.4 AD you cannot change a user
password on a logged in PC through cntl-alt-del -> ChangePassword
because the default MinAge is 1 days. I had to use the "samba-tool
domain passwordsettings set --min-pwd-age=0" command to make the
logged-on style of password change work.
All that remains is getting the PasswordChange "during login" to work.
Maybe I don't understand your suggestion. What GPO should I adjust so
that a domain user can change their own expired password when they log
into a domain-connected Windows desktop OS?
On 01/19/2018 04:31 AM, Marco Gaiarin via samba wrote:
> Mandi! Ken McDonald via samba
> In chel di` si favelave...
>
>> I'm running a Samba AD 4.7.4 and cannot set a new password for a user with
>> an expired password during login from a Windows PC. Changing a password from
>> inside a login with cntl-alt-del "change password" works ok.
> [...]
>> samba-tool domain passwordsettings show
> Have you set the GPOs?
>
> 'samba-tool domain passwordsettings' works, as a ''global policy'', for
> samba domain controller only.
> For clients (and windows domain members, in general) you have to set
> the same policy in GPO.
>
>
> Last announcment of 4.8 beta seems this have been 'fixed', eg also
> samba domain controllers now obey to GPOs policy.
>
More information about the samba
mailing list