[Samba] Password policy for user-managed passwords

Philippe LeCavalier support at plecavalier.com
Mon Nov 1 14:30:43 UTC 2021


On Mon, Nov 1, 2021 at 10:10 AM mj via samba <samba at lists.samba.org> wrote:

> Perhaps your issue is described here:
>
> > There are two possible ways to modify the unicodePwd attribute. The
> > first is similar to a normal user change password operation. In this
> > case, the modify request must contain both a delete and an add
> > operation. The delete operation must contain the current password
> > with quotes around it. The add operation must contain the desired new
> > password with quotes around it.
> >
> > The second way to modify this attribute is analogous to an
> > administrator resetting a password for a user. In order to do this,
> > the client must bind as a user with sufficient permissions to modify
> > another user's password. This modify request should contain a single
> > replace operation with the new desired password surrounded by quotes.
> > If the client has sufficient permissions, this password becomes the
> > new password, regardless of what the old password was.
>
> Read more here:
>
> https://docs.microsoft.com/en-us/troubleshoot/windows/win32/change-windows-active-directory-user-password
>
> MJ
>
If that were to be the case a newly created account would experience the
same issue but it doesn't. New users can CTRL+ALT+DEL and change their
passwords. I wonder if it might have to do with the particular user having
the setexpiry to 0? I'll try setting it to 90 and see if she can change it.


More information about the samba mailing list