[Samba] FEDORA 28 + SAMBA 4.8.5 --must-change-at-next-login don't work

Andrew Bartlett abartlet at samba.org
Wed Sep 12 16:13:16 UTC 2018

On Wed, 2018-09-12 at 17:16 +0200, Karel Lang AFD via samba wrote:
> Hello,
> if anybody would kindly have anything to advice, please, please - do
> :-)
> Fedora 28 + Samba 4.8.5 AD  (testing environment consisting of 1
> Samba 
> server and 1 joined windows machine and 1 account) :-)
> the "--must-change-at-next-login" is the problematic part
> after creating user, with this attribute the user is authenticated
> OK 
> during FIRST Logon BUT!! when challenged to CHANGE password (as 
> expected) he/she can not change the pw as the DOMAIN stubbornly, 
> repeatedly says: password is EXPIRED

This looks like:


To confirm that, can you rebuild the RPMs to use the internal Heimdal
and see if it still reproduces?

I've CC'ed Andreas who leads the effort to have Samba use the MIT KDC
in case he has any more input.


Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list