[Samba] FEDORA 28 + SAMBA 4.8.5 --must-change-at-next-login don't work
Andrew Bartlett
abartlet at samba.org
Wed Sep 12 16:13:16 UTC 2018
On Wed, 2018-09-12 at 17:16 +0200, Karel Lang AFD via samba wrote:
> Hello,
> if anybody would kindly have anything to advice, please, please - do
> :-)
>
>
> SETUP:
> Fedora 28 + Samba 4.8.5 AD (testing environment consisting of 1
> Samba
> server and 1 joined windows machine and 1 account) :-)
>
> PROBLEM:
> the "--must-change-at-next-login" is the problematic part
>
> after creating user, with this attribute the user is authenticated
> OK
> during FIRST Logon BUT!! when challenged to CHANGE password (as
> expected) he/she can not change the pw as the DOMAIN stubbornly,
> repeatedly says: password is EXPIRED
>
This looks like:
https://bugzilla.samba.org/show_bug.cgi?id=13517
To confirm that, can you rebuild the RPMs to use the internal Heimdal
and see if it still reproduces?
I've CC'ed Andreas who leads the effort to have Samba use the MIT KDC
in case he has any more input.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba
mailing list