[Samba] Users/admin unable to reset passwords

Andrew Bartlett abartlet at samba.org
Mon Jan 29 00:28:49 UTC 2024 

On Wed, 2024-01-24 at 16:02 -0500, Mark Foley via samba wrote:
> It looks like I'm having a serious problem with passwords and domain
> credentials.
> After joining the office Windows workstations as domain members to
> the new AD, Iused ADUC to set everyone's password to some value so I
> could verify their appsgot updated when logging in.  After doing
> that, I again used ADUC to check thebox requiring everyone to change
> their passsword when logging in. 
> The next day when users arrived, they got the message to change their
> password,but the system would not accept the new password.  I had to
> go back into ADUCand un-set that checkbox.  Then users could log in
> with the password I had setand change it with Ctrl-Alt-DEL. 
> As an additional experiment, I used samba-tool to set one of the
> users to havehis password expire in two days.  Which it did
> today.  He got no message leadingup to this telling him his password
> was about to expire, as used to happen, butit did expire today and
> prevented him from logging in at all, and did not prompthim to set a
> new password. 
> I went to ADUC and set his profile to never expire the password, then
> set thepassword itself to some values. He still could not log in.
> I then used samba-tool to set his password. He could not and still
> cannot login.
> What's up here? This user is now completely unable to log into his
> workstationat all, not can it be logged into remotely.  The RDC
> dialog says "credentialsfailed".  As admin I don't seem to have the
> ability to let him in.  I amconcerned as to what will happen when the
> other users' password time limiteexpires. 
> The Windows workstations are the exact same ones that were connected
> to theprevious Samba 4.8.2 domain. All that has changed is they have
> been unjoinedthen rejoined to the new 4.8.19 domain.

Is this a Samba 4.19 domain?  Can you clarify the version?
What is in the server logs?
This is meant to work, and we do have tests for this area, but perhaps
something hasn't been covered. 
Andrew Bartlett

-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead                https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list