[Samba] Difficulties retrieving randomly assigned password for newly created Samba user acounts
Stephen
stephen at ogdenradar.com
Mon Apr 29 09:10:37 UTC 2019
Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to
the help offered by everyone here I now finally have a mostly-working
Active Directory network.
I am now at the stage of creating inidividual user accounts for my
domain and unfortunately I have a very basic but fundamental problem! I
currently enter the following input at the command-line to create a new
user on my DC:
pi at ad1:~ $ sudo samba-tool user create "$USERNAME"
--given-name="$GIVENNAME" --surname="$SURNAME" --mail-address="$EMAIL"
--company="$COMPANY" --random-password --must-change-at-next-login
--nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH"
--home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH"
--login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER"
--gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD"
User 'stephenellwood' created successfully
After entering this, you see I get a confirmation prompt indicating my
user was created. When I hop onto my domain fileserver, I can see the
new user, and this gives me additional confidence this has actually been
created:
pi at fs1:~ $ wbinfo -u
stephenellwood
administrator
krbtgt
guest
In the switches passed to samba-tool previously you will see that I have
requested a both a *random password* and that *this must be changed at
the next login*. Crucially though, how do I find out what
stephenellwood's randomly assigned password actually is so I can login
to this account for the first time? Without this I am stuck - I have a
new user account with an unknown randomised password and thus cannot login.
Ultimately since I couldn't retrieve the random password for
stephenellwood I then attempted to reset stephenellwood's password
manually myself to a known string value using samba-tool. Unfortunately
this also didn't seem to work:
sudo samba-tool user password --newpassword="$NEWPASSWORD" -U
"Administrator"
Password for [OSSL\Administrator]:
ERROR: Failed to change password : (-1073741716,
"samr_ChangePasswordUser3 for 'OSSL\\Administrator' failed:
NT_STATUS_PASSWORD_RESTRICTION")
I would really appreciate any help and advice anybody can offer
regarding this matter as I am now stuck at this point :)
Thanks
Stephen Ellwood
More information about the samba
mailing list