[Samba] Users unable to reset passwords

Rowland Penny rpenny at samba.org
Wed Apr 30 07:46:43 UTC 2025 

On Tue, 29 Apr 2025 17:30:12 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:

> I first reported this problem on this list in July, 2024. Rowland
> suggest I post a bug report on
> https://bugzilla.samba.org/createaccount-save.html, which I did in
> November, 2024, but I've heard nothing back on that and don't know
> how to look up bugs to see if mine was posted.
> 
> I'm going to summarize the problems, then solicit advice.
> 
> Back in Q1, 2024 we upgraded our DC from Samba 4.8.2 to the then
> (Slackware distro) latest samba-4.15.5 and "upgraded" all office
> Windows workstation domain members to Windows 11. We had none of
> these issues with Samba 4.8.2 and Windows 10. All problems listed
> below worked perfectly on those versions.
> 
> We are currently running Samba Version 4.18.9.
> 
> Here is my list of problem with Samba 4.18.9 and/or Windows 11.
> 
> PASSWORDS:
> 
> On the Windows workstations, not all users get notified that their
> password is about to expire.  If they don't change it in time, when
> it does expire, they cannot change it.  They keep getting the
> message, "your password has expired." As the system administrator I
> have to use samba-tool or ADUC to manually reset their password.  I
> have had to do this every 90 days since the upgrade in Q1 2024. 
> 
> If I do reset their passwords, they cannot change them to something
> private until the next day. I assume this is because of "Minimum
> password age (days): 1". However, if I set that to 0 days they can't
> change their password at all.
> 
> Windows Group Policy settings have passwords set to expire in 90
> days. Samba settings are:
> 
> # samba-tool domain passwordsettings show
> Password information for domain 'DC=hprs,DC=local'
> 
> Password complexity: off
> Store plaintext passwords: off
> Password history length: 5
> Minimum password length: 7
> Minimum password age (days): 1
> Maximum password age (days): 90
> Account lockout duration (mins): 15
> Account lockout threshold (attempts): 10
> Reset account lockout after (mins): 30
> 
> REDIRECTED FOLDERS
> 
> With Samba 4.8.2 and Windows 10 the users redirected Desktop,
> Documents, etc. was automatically created when the user logged in for
> the first time.  That no longer works.  Even established users under
> Windows 10 did not get access to their redirected folders after
> ugrading.  Their Desktop, etc.  was set to their local workstation,
> as if there were no Redirected Folder Policy at all.  The Group
> Policy Redirected Folders is unchanged since Windows 10 and I've
> confirmed with Microsoft that the policy is set properly. 
> 
> I've manually pointed users' Desktop to
> \\mail.hprs.local\Users\username\Desktop and that has worked for most
> users, but not for all. In my most recent attempt to "move" a user's
> Desktop I got the errors "No items match your search" or ""Desktop /
> No object for Moniker". I do have some things to try on these errors,
> but the point is, I didn't have to manually move folders to a user's
> Redirected Folder before the upgrade.
> 
> Looking for advice ...
> 
> There are two things I can think of to try:
> 
> 1. Perhaps there is a more recent version of Samba. I can go to
> "samba.org > get Samba" and get the current version. I did that many
> years ago. Perhaps a newer version will fix the problem?
> 
> 2. I can stage a Windows Server AD/DC on a standalone domain and join
> a Windows 11 computer. I'm guessing that Windows-shop users don't
> have this problem, but I need to do that test to determine whether
> the problem is will Samba or Windows 11.
> 
> Does anyone else have any thoughts?
> 
> Has anyone else experienced these problems?
> 
> Christian Naumer reported on this maillist on 26 Jul 2024 that his
> organization experienced the same password problem 1 or 2 years
> before and opined that it was a Samba bug.  They discontinued using
> the auto-expiry feature of Windows and just do things manually.  Not
> really the solution I'm looking for. 
> 
> Does anyone use Redirected Folders? Problems?
> 
> Thanks in advance for responses.
> 
> --Mark
> 

I have just spent sometime searching Samba bugzilla and I cannot find
any bug report on this subject, open, fixed or otherwise. Now this
could be due to incorrect search terms, but did you actually create a
bug report ? The link I provided was to register for bugzilla and then
be able to create a bug report, which would then give you the bug
number.

A quick search seems to indicate that Slackware has Samba 4.22.x
packages, so I suggest you upgrade and see if that fixes your problems.

Rowland

More information about the samba mailing list