[Samba] Users cannot change their passwords

Torin Woltjer torin.woltjer at granddial.com
Mon Sep 24 20:23:06 UTC 2018

Currently running multiple active directory domain controllers on OpenSUSE Leap 15 with Samba 4.7.8

I'm running into an issue where users cannot change their own passwords. On a domain joined Windows laptop logged in as Administrator, trying to change the password results in an error: The user name or password is incorrect, Try again.
At the same time in the systemd journal for samba-ad-dc, the following error is displayed: 
Sep 24 20:04:47 samba[24287]: [2018/09/24 20:04:47.142474,  0] ../source4/kdc/kpasswd-service.c:244(kpasswd_process)
Sep 24 20:04:47 samba[24287]:   kpasswd_process: gensec_unwrap failed - NT_STATUS_ACCESS_DENIED

My smb.conf is fairly ordinary.
# Global parameters
       dns forwarder =
       interfaces = tun0 lo
       netbios name =***********
       realm = *****.LOCAL
       server role = active directory domain controller
       workgroup = BWLCS
       idmap_ldb:use rfc2307 = yes

       path = /var/lib/samba/sysvol/*****.local/scripts
       read only = No

       path = /var/lib/samba/sysvol
       read only = No

Torin Woltjer
Grand Dial Communications - A ZK Tech Inc. Company
616.776.1066 ext. 2006

More information about the samba mailing list