[Samba] [Samba 4.8.3.] Cannot change password at first logon

Tomas Storc tomas.storc at afd.cz
Tue Sep 4 12:53:17 UTC 2018

Hi all,

I have installed Samba AD Domain for testing and it works fine. Only 
problem is that when i create new user with "samba-tool user create 
$USERNAME --must-change-at-next-login" or via ADUC in RSAT with "user 
must change password at first login" i cannot change password at all. 
When i try login i get prompt that i have to change password so i write 
new password, oncce more for confirmation, press enter and i get error: 
"Logon failure: the specified account password has expired".

My [Global] section of smb.conf is:

     dns forwarder =
     netbios name = AFDDC1
     server role = active directory domain controller
     log level = 3
     workgroup = AUFEERDESIGN
     map to guest = bad user
     idmap_ldb:use rfc2307 = yes
     template shell = /bin/bash
     template homedir = /home/%U
     allow dns updates = nonsecure
     machine password timeout = 0
         kerberos method = secrets and keytab
         winbind enum users = yes
         winbind enum groups = yes

Thank you


	*Tomáš Štorc*
*IT Administrator Junior*
AUFEER TOOLS, s.r.o. | Ptacka 156, 29301 Mladá Boleslav, Czech Republic
tel: +420 326 700 458 | fax: +420 326 700 450 | GSM: +420 736 513 755
tomas.storc at afd.cz <mailto:tomas.storc at afd.cz> | www.aufeerdesign.cz 

More information about the samba mailing list