[Samba] Users cannot change their passwords

Rowland Penny rpenny at samba.org
Tue Sep 25 11:08:12 UTC 2018 

On Tue, 25 Sep 2018 10:40:52 +0000
Jon Gerdes via samba <samba at lists.samba.org> wrote:

> On Tue, 2018-09-25 at 09:59 +0100, Rowland Penny via samba wrote:
> > On Tue, 25 Sep 2018 20:49:07 +1200
> > Andrew Bartlett <abartlet at samba.org> wrote:
> > 
> > > On Tue, 2018-09-25 at 09:44 +0100, Rowland Penny via samba wrote:
> > > > On Mon, 24 Sep 2018 21:22:06 GMT
> > > > "Torin Woltjer" <torin.woltjer at granddial.com> wrote:
> > > > 
> > > > > 
> > > > > Thanks for the quick reply, I believe I am using MIT based on
> > > > > log
> > > > > file names; but is there a better way to tell? I'm not very
> > > > > knowledgeable about the distinction between MIT and Heimdal
> > > > > regarding
> > > > > KDC. Can you direct me to a resource that explains how to make
> > > > > the
> > > > > switch as I am just using the  defaults in SUSE. Additionally,
> > > > > many of the domains experiencing this bug were working fine;
> > > > > before migrating them from Ubuntu 16.04. Is this because the
> > > > > bug
> > > > > was introduced in a newer version that I am now using? Is the
> > > > > bug
> > > > > fixed in a version newer than what I am using now?
> > > > > 
> > > > > Thanks again, I appreciate the help.
> > > > > 
> > > > > Torin Woltjer
> > > > >  
> > > > > Grand Dial Communications - A ZK Tech Inc. Company
> > > > >  
> > > > > 616.776.1066 ext. 2006
> > > > > www.granddial.com
> > > > > 
> > > > > 
> > > > 
> > > > Took some finding, but I am now very sure that the opensuse
> > > > Samba AD
> > > > DC
> > > > uses MIT instead of Heimdal, so this makes it inadvisable to use
> > > > in
> > > > production. There are just too many problems to make it usable,
> > > > the
> > > > password problem being one of them.
> > > > 
> > > > I am sorry, but, as far as I am aware, there is no RPM based
> > > > distro
> > > > that has production ready Samba packages, I also have a feeling
> > > > that
> > > > the Ubuntu packages now use MIT, so this really just leaves
> > > > Debian
> > > > etc.
> > > 
> > > I've not seen any indication that Ubuntu has changed to MIT
> > > Kerberos,
> > > thankfully.
> > > 
> > > Andrew Bartlett
> > > 
> > 
> > I thought I had seen it somewhere, but I bow to your superior
> > knowledge.
> > 
> > Rowland
> > 
> 
> Following the advice here "Verifying if Samba Has Been Built with MIT
> Kerberos Support"  
> https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
> 
> ... in reverse:
> 
> $ cat /etc/os-release 
> NAME="Ubuntu"
> VERSION="18.04.1 LTS (Bionic Beaver)"
> 
> $ smbd -b | grep HAVE_LIBKADM5SRV_MIT
> $ 
> 
> So, no MIT involved on Ubuntu
> 
> Cheers
> Jon

Thanks for that.

So, it looks like 'RPM' = Experimental, 'DEB' = Production. Of course
there is always 'Gentoo', but I suppose that distro falls into the
'compile it yourself' realm :-)

Rowland

More information about the samba mailing list