[Samba] Users unable to reset passwords

Mark Foley mfoley at novatec-inc.com
Wed Apr 30 15:25:40 UTC 2025 

On Wed, 30 Apr 2025 08:46:43 Rowland Penny wrote:
>
> On Tue, 29 Apr 2025 17:30:12 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
> > I first reported this problem on this list in July, 2024. Rowland
> > suggest I post a bug report on
> > https://bugzilla.samba.org/createaccount-save.html, which I did in
> > November, 2024, but I've heard nothing back on that and don't know
> > how to look up bugs to see if mine was posted.
> > 
> > I'm going to summarize the problems, then solicit advice.
> > 
> > Back in Q1, 2024 we upgraded our DC from Samba 4.8.2 to the then
> > (Slackware distro) latest samba-4.15.5 and "upgraded" all office
> > Windows workstation domain members to Windows 11. We had none of
> > these issues with Samba 4.8.2 and Windows 10. All problems listed
> > below worked perfectly on those versions.
> > 
> > We are currently running Samba Version 4.18.9.
> > 
> > Here is my list of problem with Samba 4.18.9 and/or Windows 11.
> > 
> > PASSWORDS:
> > 
> > On the Windows workstations, not all users get notified that their
> > password is about to expire.  If they don't change it in time, when
> > it does expire, they cannot change it.  They keep getting the
> > message, "your password has expired." As the system administrator I
> > have to use samba-tool or ADUC to manually reset their password.  I
> > have had to do this every 90 days since the upgrade in Q1 2024. 
> > 
> > If I do reset their passwords, they cannot change them to something
> > private until the next day. I assume this is because of "Minimum
> > password age (days): 1". However, if I set that to 0 days they can't
> > change their password at all.
> > 
> > Windows Group Policy settings have passwords set to expire in 90
> > days. Samba settings are:
> > 
> > # samba-tool domain passwordsettings show
> > Password information for domain 'DC=hprs,DC=local'
> > 
> > Password complexity: off
> > Store plaintext passwords: off
> > Password history length: 5
> > Minimum password length: 7
> > Minimum password age (days): 1
> > Maximum password age (days): 90
> > Account lockout duration (mins): 15
> > Account lockout threshold (attempts): 10
> > Reset account lockout after (mins): 30
> > 
> > REDIRECTED FOLDERS
> > 
> > With Samba 4.8.2 and Windows 10 the users redirected Desktop,
> > Documents, etc. was automatically created when the user logged in for
> > the first time.  That no longer works.  Even established users under
> > Windows 10 did not get access to their redirected folders after
> > ugrading.  Their Desktop, etc.  was set to their local workstation,
> > as if there were no Redirected Folder Policy at all.  The Group
> > Policy Redirected Folders is unchanged since Windows 10 and I've
> > confirmed with Microsoft that the policy is set properly. 
> > 
> > I've manually pointed users' Desktop to
> > \\mail.hprs.local\Users\username\Desktop and that has worked for most
> > users, but not for all. In my most recent attempt to "move" a user's
> > Desktop I got the errors "No items match your search" or ""Desktop /
> > No object for Moniker". I do have some things to try on these errors,
> > but the point is, I didn't have to manually move folders to a user's
> > Redirected Folder before the upgrade.
> > 
> > Looking for advice ...
> > 
> > There are two things I can think of to try:
> > 
> > 1. Perhaps there is a more recent version of Samba. I can go to
> > "samba.org > get Samba" and get the current version. I did that many
> > years ago. Perhaps a newer version will fix the problem?
> > 
> > 2. I can stage a Windows Server AD/DC on a standalone domain and join
> > a Windows 11 computer. I'm guessing that Windows-shop users don't
> > have this problem, but I need to do that test to determine whether
> > the problem is will Samba or Windows 11.
> > 
> > Does anyone else have any thoughts?
> > 
> > Has anyone else experienced these problems?
> > 
> > Christian Naumer reported on this maillist on 26 Jul 2024 that his
> > organization experienced the same password problem 1 or 2 years
> > before and opined that it was a Samba bug.  They discontinued using
> > the auto-expiry feature of Windows and just do things manually.  Not
> > really the solution I'm looking for. 
> > 
> > Does anyone use Redirected Folders? Problems?
> > 
> > Thanks in advance for responses.
> > 
> > --Mark
> > 
>
> I have just spent sometime searching Samba bugzilla and I cannot find
> any bug report on this subject, open, fixed or otherwise. Now this
> could be due to incorrect search terms, but did you actually create a
> bug report ? The link I provided was to register for bugzilla and then
> be able to create a bug report, which would then give you the bug
> number.
>
> A quick search seems to indicate that Slackware has Samba 4.22.x
> packages, so I suggest you upgrade and see if that fixes your problems.
>
> Rowland

Thanks Rowland,

I may try again on the bugzilla list. I've used that before for other Mozilla
apps. After I "registered" I was expecting a return email saying I had
successfully registered, but I received nothing. I thought perhaps my
registration was rejected.

I'll try the new Samba and if still a problem I'll try again with the bug report.

--Mark

More information about the samba mailing list