[Samba] Private Key Unavailable After Domain Password Change

Bill Baird Bill.Baird at phoenixmi.com
Tue Sep 22 20:27:59 UTC 2020

They change it on the same local system that is also connected to the VPN.
Since it is a domain account, I don't think it lets them change the
password unless they can properly communicate with the domain controller?

Are you aware of any workarounds, or logs that might help troubleshoot this


On Mon, Sep 14, 2020 at 5:00 PM Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2020-09-14 at 12:11 -0400, Bill Baird via samba wrote:
> > Hi All!
> >
> > We are currently running one AD DC on 4.11.12 and one on 4.10.17
> > (scheduled
> > for replacement later this month). Sometimes when a user changes
> > their
> > domain password, we are seeing an issue where the private key is no
> > longer
> > available.  Users on Windows 10 v1909 or v2004. This does not happen
> > to all
> > users.
> Where do they change their password?  If it isn't locally on the system
> concerned (where it would re-encrypt the key store), I could see how
> the machine would have trouble accessing the keys (via backupkey) until
> the VPN was back up, creating a nasty chicken-and-egg situation.
> Andrew Bartlett
> --
> Andrew Bartlett                       https://samba.org/~abartlet/
> Authentication Developer, Samba Team  https://samba.org
> Samba Developer, Catalyst IT
> https://catalyst.net.nz/services/samba

*Bill Baird*
Chief Security Officer
Mobile: 203-545-0437

*To create an IT ticket, please email itsupport at phoenixmi.com
<itsupport at phoenixmi.com> or call 845-943-4222.*

This electronic message, including its attachments (if any), is 
If you are not the intended recipient, you are hereby notified that any 
use, disclosure, copying, or distribution of this message, its attachments, 
or any of the information included therein, is unauthorized and strictly 
prohibited. If you have received this message in error, please immediately 
notify the sender by reply e-mail and permanently delete this message and 
its attachments, along with any copies thereof.

More information about the samba mailing list