[Samba] Samba4 changing a user's password from linux workstation

Julien TEHERY julien.tehery at openevents.fr
Tue May 14 08:28:20 UTC 2019

Le 14/05/2019 à 10:19, Nico Kadel-Garcia via samba a écrit :
> On Tue, May 14, 2019 at 3:42 AM Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> On 14/05/2019 08:30, Julien TEHERY via samba wrote:
>>> Yep I allready tried it, it ends with "kpasswd preauthentication
>>> failed getting initial ticket"
> What does "klist" say? And can you run "kinit" to ensure you have a
> valid ticket? One of my favorite failures is when the time settings
> between the local host, and the Samba or AD server, have drifted from
> each other. There are a lot of very awkward and inconsistent NTP or
> chronyd settings out there, exacerbated when people point NTP to only
> one server and that server is inaccessible to one or more hosts.
Allready logged via graphical UI, I had nothing in klist
Running terminal as root, i did:

kinit myuser

and obtained a valid ticket.

About the date time, all is correctly set up. Workstations and AD have 
exactly same date/time

>>> I must precise we use pam_sssd against Samba4/AD to authenticate.
>>> Here is my /etc/sssd/sssd.conf:
>> Hmm, I wonder if sssd is getting in the way ? No idea, we do not produce
>> sssd, can I suggest asking on the sssd-users mailing list.
>> Rowland
> I've gotten pretty unhappy with "realmd" and "sssd". They try to hide
> a lot of steps away from the user, but the internal interactions are a
> bit of a "mousetrap" game. When it works, you get the mouse. But if
> any of the many steps are even slightly worn, it becomes erratic or
> fails.

More information about the samba mailing list