[Samba] Private Key Unavailable After Domain Password Change

Andrew Bartlett abartlet at samba.org
Mon Sep 14 21:00:44 UTC 2020

On Mon, 2020-09-14 at 12:11 -0400, Bill Baird via samba wrote:
> Hi All!
> We are currently running one AD DC on 4.11.12 and one on 4.10.17
> (scheduled
> for replacement later this month). Sometimes when a user changes
> their
> domain password, we are seeing an issue where the private key is no
> longer
> available.  Users on Windows 10 v1909 or v2004. This does not happen
> to all
> users.

Where do they change their password?  If it isn't locally on the system
concerned (where it would re-encrypt the key store), I could see how
the machine would have trouble accessing the keys (via backupkey) until
the VPN was back up, creating a nasty chicken-and-egg situation.

Andrew Bartlett
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          

More information about the samba mailing list