[Samba] How to change Domain password as normal user?

Mark Foley mfoley at ohprs.org
Thu Mar 29 03:51:45 UTC 2018

On Wed, 28 Mar 2018 20:14:00 +1300 Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2018-03-28 at 03:09 -0400, Mark Foley via samba wrote:
> > 
> > Actually, that didn't quite work. It did change the domain password, but didn't reset the
> > expiration days. So today, when the previous password was set to expire. My account was locked
> > out. I had to log onto the AD/DC as the Domain Administrator and do 'samba-tool user setpassword'.
> > 
> > Suggestions on how I can get the expiration back to the 'Maximum password age' value?
> This sounds very strange.  Are you sure the password changed on the DC?
>  Did the msDS-KeyVersionNumber change, did the pwdLastSet change?

Yes, I know it changed on the DC because I was able to use the new password to log into another
Windows workstation, and I use the domain credential to log into an internal web application. 
All these worked with the new PW.  Later, I checked the Linux workstation's /etc/passwd to make
sure there was no entry for my user (there wasn't).  It does seem strange. 

Unfortunately, I did not check either msDS-KeyVersionNumber or pwdLastSet or even ldbsearch to
get msDS-UserPasswordExpiryTimeComputed before I reset the user pw from the domain
administrator. Next time!

In this thread I've been given 3 more ideas on how to do this:

samba-tool -U <myuser> user password



I'll try each and see which works best for me.

More information about the samba mailing list