[Samba] How to change Domain password as normal user?
Mark Foley
mfoley at ohprs.org
Thu Mar 29 03:51:45 UTC 2018
On Wed, 28 Mar 2018 20:14:00 +1300 Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Wed, 2018-03-28 at 03:09 -0400, Mark Foley via samba wrote:
> >
> > Actually, that didn't quite work. It did change the domain password, but didn't reset the
> > expiration days. So today, when the previous password was set to expire. My account was locked
> > out. I had to log onto the AD/DC as the Domain Administrator and do 'samba-tool user setpassword'.
> >
> > Suggestions on how I can get the expiration back to the 'Maximum password age' value?
>
> This sounds very strange. Are you sure the password changed on the DC?
> Did the msDS-KeyVersionNumber change, did the pwdLastSet change?
Yes, I know it changed on the DC because I was able to use the new password to log into another
Windows workstation, and I use the domain credential to log into an internal web application.
All these worked with the new PW. Later, I checked the Linux workstation's /etc/passwd to make
sure there was no entry for my user (there wasn't). It does seem strange.
Unfortunately, I did not check either msDS-KeyVersionNumber or pwdLastSet or even ldbsearch to
get msDS-UserPasswordExpiryTimeComputed before I reset the user pw from the domain
administrator. Next time!
In this thread I've been given 3 more ideas on how to do this:
samba-tool -U <myuser> user password
smbpasswd
kpasswd
I'll try each and see which works best for me.
More information about the samba
mailing list