[Samba] Samba AD DC: users cannot change expired passwords
tpluess at ieee.org
Mon Sep 25 11:48:21 UTC 2023
I have exactly the same behaviour. I just tested what happens when I try to
run kinit first.
kinit itself works fine, but it does not help with the expired passwords
On Mon, Sep 25, 2023 at 1:20 PM Kees van Vloten via samba <
samba at lists.samba.org> wrote:
> Op 25-09-2023 om 11:54 schreef Pluess, Tobias via samba:
> > Hi all,
> > I am running a Samba AD DC (version 4.18.6). It basically works very
> > However when testing, I found the following issue:
> > I create a new user account in AD, provide an initial password and set
> > "user must change the password at the next login".
> > I have only a Windows 10 machine to test, so I am going to the Windows 10
> > machine and try to login with the newly created user account and initial
> > password. Windows then correctly display "the password is expired" and
> > provides a dialog to enter the new password. However when the new
> > is entered and confirmed with "OK", I get again the message "the password
> > is expired". No matter what, I cannot get around this message and the
> > created user is never able to log in.
> > Further, what is even more strange is, that I can even get the message
> > about the expired password when I enter something completely different
> > the initial password. I can essentially enter anything, even a blank
> > password, and get the message "the password is expired" and I am never
> > able to change it.
> > Only when I log in as the domain admin, I can reset the user's password.
> > I already changed password history and min-password-age and so on to 0,
> > it still does not yet work. However, luckily, users are able to change
> > their own password using ctrl+alt+delete. However, why does it not work
> > during login?
> > I have already seen other people had similar issues on Windows 10, but I
> > didn't find out if anybody ever found a solution to this problem.
> > I am happy for any hints.
> > Thanks,
> > best
> > Tobias
> I have experienced exactly the same issue (also on 4.18.6). Even with
> kinit on Linux you cannot change an expired password.
> - Kees.
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba