[Samba] rpcclient & smbpasswd user PASSWORD_MUST_CHANGE
Rowland penny
rpenny at samba.org
Wed Jul 22 13:39:37 UTC 2020
On 22/07/2020 14:31, Jeremy Brousseau via samba wrote:
> Hello,
>
> First of all I would like to apologize if my mail is not clear, this is my first time doing this kind of things !
>
> I'm currently working within a small AD environment within a single forest-domain which is the following :
> - DC Windows 2016
> - Archlinux with samba version 4.12.3
>
> I currently have a standard domain user named 'test' which has the attribute PASSWORD_MUST_CHANGE set and my goal is to change this password. During my test is used the following client
> - rpcclient 4.12.3
> -smbpasswd
>
> When trying to change the password of the user 'test' with smbpasswd i have no issue and this is behaving like expected (smbpasswd -r 10.10.10.2 -U "CORP.LOCAL\TEST" )
> Commands:
> smbpasswd -r 10.10.10.193 -U "CORP.LOCAL\test"
> Old SMB password:
> New SMB password:
> Retype new SMB password:
> Password changed for user test
>
> My main problem is that when trying to do the same with rpcclient using the 'chgpasswd2' with an anonymous logon I simply got an ACCESS_DENIED.
I stopped reading here, you cannot do an anonymous logon to AD, it isn't
allowed.
Rowland
More information about the samba
mailing list