[Samba] How to change Domain password as normal user?

Rowland Penny rpenny at samba.org
Wed Mar 28 13:23:47 UTC 2018


On Wed, 28 Mar 2018 03:09:43 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:

> On Tue, 27 Mar 2018 13:38:56 -0400 Mark Foley wrote:
> >
> > On Mon, 26 Mar 2018 08:08:53 +0200 Michael Wandel
> > <m.wandel at t-online.de> wrote:
> > >
> > > > On 26.03.2018 at 06:31, Mark Foley via samba wrote:
> > > > As a normal user, I want to change my Domain Password. I've
> > > > tried:
> > > > 
> > > > > $ samba-tool user setpassword myuserId --newpassword='mynewpassword'
> > > > 
> > > > but get the error:
> > > > 
> > > > ltdb: tdb(/var/lib/samba/private/sam.ldb): tdb_open_ex: could
> > > > not open file /var/lib/samba/private/sam.ldb: Permission denied
> > > > 
> > > > Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission
> > > > denied Failed to connect to
> > > > 'tdb:///var/lib/samba/private/sam.ldb' with backend 'tdb':
> > > > Unable to open tdb '/var/lib/samba/private/sam.ldb': Permission
> > > > denied ERROR(ldb): uncaught exception - Unable to open tdb
> > > > '/var/lib/samba/private/sam.ldb': Permission denied File
> > > > "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> > > > line 175, in _run return self.run(*args, **kwargs) File
> > > > "/usr/lib64/python2.7/site-packages/samba/netcmd/user.py", line
> > > > 602, in run credentials=creds, lp=lp) File
> > > > "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 57,
> > > > in __init__ options=options) File
> > > > "/usr/lib64/python2.7/site-packages/samba/__init__.py", line
> > > > 115, in __init__ self.connect(url, flags, options) File
> > > > "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 72,
> > > > in connect options=options)
> > > > 
> > > > How do I do this?
> > > > 
> > >
> > > > I don't think it's a good idea to change your password directly on
> > > > the DC with a normal user login. You don't have rights to the
> > > > "holy" sam.ldb.
> > >

You are getting the error message because the samba-tool command is
trying to open sam.ldb on the Unix domain member and it doesn't exist
there.

You can change a user's password from a Unix domain member with
'setpassword', but you would need to add '-H
ldap://dc.samdom.example.com' to the command and also add an admin user
& password e.g. -U Administrator --password=ADMINISTRATOR_PASSWORD

A user can also change their own password with samba-tool, but they
would need to use the 'password' subcommand.

Rowland


