[Samba] Change local password on a domain-member

Kees van Vloten keesvanvloten at gmail.com
Wed Jun 29 19:28:23 UTC 2022

Hi All,

I order to have access to my server when Samba AD is broken for some 
reason, I have some accounts defined locally and in AD with the same 
UID/GID (not an issue with RFC2307 id-mapping).

Now the passwords are about to expire so I want to change them. The 
domain password is simple, my desktop is also domain-member and a simple 
'passwd' does the trick.

Then when I ssh to the server and type:

passwd -r files
Current Kerberos password:

it seems to ignore the "-r files" and still tries to change the domain 
password. Even from the root user 'passwd -r files user1' changes the 
Kerberos password.

cat /etc/nsswitch.conf

# /etc/nsswitch.conf
passwd:         files systemd winbind
group:          files systemd winbind
shadow:         files
gshadow:        files
hosts:          files dns mymachines
networks:       files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files
netgroup:       nis

I am running Debian Bullseye with Samba 4.13.13 on the members and 
4.16.2 on AD-DCs.

What can I do to force passwd to change the local password?

- Kees

More information about the samba mailing list