[Samba] `samba-tool user create --must-change-at-next-login my_user` doesn't appear to work on W10
pgoetz at math.utexas.edu
Sun Oct 31 14:14:21 UTC 2021
On 10/31/21 08:35, Rowland Penny via samba wrote:
> On Sun, 2021-10-31 at 08:23 -0500, Patrick Goetz via samba wrote:
>> Thanks, Roland. I always appreciate your help. I tried it both ways
>> (with option before and after the new user name). Same outcome.
>> But I figured out what was going wrong. The command line order of
>> option doesn't matter. I've was creating users like this:
>> # samba-tool user create dilbert --must-change-at-next-login
>> # samba-tool user setexpiry dilbert --noexpiry
>> Setting the password expiration to no expiration seems to interfere
>> the reset password requirement.
>> If I just create a user like this:
>> # samba-tool user create dolbert --must-change-at-next-login
>> # samba-tool user create --must-change-at-next-login dulbert
>> Then W10 demands a password change before allowing the user to log
>> On the one hand I can see why this might work this way, but it's not
>> logically correct. Requiring a change of password on first login is
>> entirely independent of whether passwords should expire or not.
> If you think it is illogical, take that up with Microsoft. You are
> basically saying 'Expire this users password, but never expire this
> users password'.
Yeah, maybe. In systemd terminology, the initial password change is like
a "oneshot" service, whereas password expiry is a system policy; I view
these as different things.
lol, "Take that up with Microsoft" is like asking someone to rail at Mt.
Olympus. Or asking a Chicagoan to meet you at the corner of Addison and
Madison. I've spent a ridiculous amount of money on an OS I don't even
like to use because my kids like to play Windows games. The way I use
windows is to install it in a VM with no modifications, call this VM
"pristine", clone it, and then only work with the clone until I screw it
up. Then delete the clone and start over from pristine. This has
worked fine with every version of Windows until 10. When I try to clone
and use a licensed Windows 10 VM it tells me my license isn't valid in
the clone and that I need to contact MS support. So I call MS support
and they tell me I have an invalid license.
"You have a bootleg Windows 10 license and need to spend $199 at the MS
store to get a real one"
"But it's perfectly valid in the original VM?"
"You have a bootleg license and need to spend $199 at the MS store to
get a real one"
My guess as to what is happening is when you launch w!0, it registers
the license and host identifier in some database. If it sees a new host
identifier with the same license in too short of a period of time, it
doesn't pass the licensing test and they tell you to call support. This
is why they include the message about "if you've made significant
hardware changes, you must call support". It must be a temporal hold,
because I previously used this license on a test bare metal install a
while back, and it didn't complain when I subsequently used the same
license to create the initial W10 VM. Anyway, the solution is to
snapshot and just work from the original; then restore from snapshot
once the inevitable registry immolation occurs.
More information about the samba