[Samba] rpcclient & smbpasswd user PASSWORD_MUST_CHANGE

Rowland penny rpenny at samba.org
Wed Jul 22 13:39:37 UTC 2020

On 22/07/2020 14:31, Jeremy Brousseau via samba wrote:
> Hello,
> First of all I would like to apologize if my mail is not clear, this is my first time doing this kind of things !
> I'm currently working within a small AD environment within a single forest-domain which is the following :
>     - DC Windows 2016
>     - Archlinux with samba version 4.12.3
> I currently have a standard domain user named 'test' which has the attribute PASSWORD_MUST_CHANGE set and my goal is to change this password.  During my test is used the following client
> - rpcclient 4.12.3
> -smbpasswd
> When trying to change the password of the user 'test' with smbpasswd i have  no issue and this is behaving like expected (smbpasswd -r -U "CORP.LOCAL\TEST" )
> Commands:
>    smbpasswd -r -U "CORP.LOCAL\test"
>    Old SMB password:
>    New SMB password:
>    Retype new SMB password:
>    Password changed for user test
> My main problem is that when trying to do the same with rpcclient using the 'chgpasswd2' with an anonymous logon I simply got an ACCESS_DENIED.

I stopped reading here, you cannot do an anonymous logon to AD, it isn't 


More information about the samba mailing list