[Samba] Some clients cannot change their passwords when they expire.

Rommel Rodriguez Toirac rommelrt at nauta.cu
Wed Jun 3 14:08:18 UTC 2020

 Hello to all;

I use CentOS Linux release 7.8.2003. I have installed samba4 Version 4.11.4

When compiling samba4 I used the following:
./configure --enable-fhs --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-debug --enable-selftest -j2 -p --cross-answers --cross-execute --enable-cups --disable-iprint --with-acl-support --with-profiling-data --with-systemd 

I use samba on three servers, on one as Active Directory and Domain Controller, on the other two servers as Domain Servers mainly to share directories and files or saves. 

The operating systems used as clients in our network range mainly from Windows XP to Windows 10. 

With Windows XP operating systems is happening that when it comes time for a user to change their password, they cannot do it, because the system tells them that they cannot find the domain or it is not available. So I have to change it directly on the samba4 server and that's when they can start their sessions. This situation is happening to me only with PCs with Windows XP operating systems.

What could be happening? 

This is my samba configuration on AD DC server: 

# Global parameters

workgroup = ATGTM00 	 
realm = GTM.ONAT.GOB.CU 	 
netbios name = GTMAD 	 
server role = active directory domain controller 	 
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate 	 
idmap_ldb:use rfc2307 = yes 	 
time server = yes 	 
eventlog list = Application System Security SyslogLinux 	 
log file = /var/log/samba/%m.log 	 
log level = 3 
max log size = 5000 	 
tls enabled = yes 	 
tls keyfile = /var/lib/samba/private/tls/gtmad.gtm.onat.gob.cu.key 	 
tls certfile = /var/lib/samba/private/tls/gtmad.gtm.onat.gob.cu.cert 	 
tls cafile = /var/lib/samba/private/tls/cacert.pem 	 
ldap server require strong auth = allow_sasl_over_tls

path = /var/lib/samba/sysvol/gtm.onat.gob.cu/scripts 
read only = No

path = /var/lib/samba/sysvol 	 
read only = No 

On the other hand,, I would have a problem updating from version 4.11.4 to version 4.12.3 with this configuration? 

Thanks in advance.
Rommel Rodriguez Toirac
rommelrt at nauta.cu

More information about the samba mailing list