[Samba] Difficulties retrieving randomly assigned password for newly created Samba user acounts

Stephen stephen at ogdenradar.com
Mon Apr 29 09:10:37 UTC 2019 

Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to 
the help offered by everyone here I now finally have a mostly-working 
Active Directory network.
I am now at the stage of creating inidividual user accounts for my 
domain and unfortunately I have a very basic but fundamental problem! I 
currently enter the following input at the command-line to create a new 
user on my DC:

pi at ad1:~ $ sudo samba-tool user create "$USERNAME" 
--given-name="$GIVENNAME" --surname="$SURNAME" --mail-address="$EMAIL" 
--company="$COMPANY" --random-password --must-change-at-next-login 
--nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" 
--home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" 
--login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" 
--gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD"
User 'stephenellwood' created successfully

After entering this, you see I get a confirmation prompt indicating my 
user was created. When I hop onto my domain fileserver, I can see the 
new user, and this gives me additional confidence this has actually been 
created:

pi at fs1:~ $ wbinfo -u
stephenellwood
administrator
krbtgt
guest

In the switches passed to samba-tool previously you will see that I have 
requested a both a *random password* and that *this must be changed at 
the next login*. Crucially though, how do I find out what 
stephenellwood's randomly assigned password actually is so I can login 
to this account for the first time?  Without this I am stuck - I have a 
new user account with an unknown randomised password and thus cannot login.

Ultimately since I couldn't retrieve the random password for 
stephenellwood I then attempted to reset stephenellwood's password 
manually myself to a known string value using samba-tool. Unfortunately 
this also didn't seem to work:

sudo samba-tool user password --newpassword="$NEWPASSWORD" -U 
"Administrator"
Password for [OSSL\Administrator]:
ERROR: Failed to change password : (-1073741716, 
"samr_ChangePasswordUser3 for 'OSSL\\Administrator' failed: 
NT_STATUS_PASSWORD_RESTRICTION")

I would really appreciate any help and advice anybody can offer 
regarding this matter as I am now stuck at this point :)

Thanks
Stephen Ellwood

More information about the samba mailing list