[Samba] Users unable to reset passwords
Rowland Penny
rpenny at samba.org
Sun May 18 15:58:44 UTC 2025
On Sun, 18 May 2025 11:43:17 -0400
Mark Foley via samba <samba at lists.samba.org> wrote:
> On Sun May 18 03:22:40 2025 Penny via samba <samba at lists.samba.org>
> wrote:
> >
> > On Sat, 17 May 2025 00:46:20 -0400
> > Mark Foley via samba <samba at lists.samba.org> wrote:
> >
> > > I'm trying to solve a couple of problems with Samba 4.18.19 and
> > > Windows 11. I've described these in detail in previous messages in
> > > this thread, so I'll be brief here:
> > >
> > > 1. Not all users get notified of password expiration and in any
> > > case, if they permit their passwords to expire they cannot reset
> > > with the "reset password" dialog. I have to do so with
> > > samba-tool.
> > >
> > > 2. The Redirected Folder Policy does not work.
> > >
> > > Both of these features worked fine with Samba 4.8.2 and Windows
> > > 10.
> > >
> > > I am running Slackware 15.0 and although I've been encouraged to
> > > move on to Debian, I've been running Samba as AD/DC on Slackware
> > > for 11 years without actual problem, so I'll see what I can do
> > > before abandoning that ship.
> > >
> > > I'm going to test 3 ways:
> > >
> > > A. I will upgrade Samba to the latest 4.22.1, downloaded from
> > > samba.org, but keeping all the domain users, group, policies, etc.
> > >
> > > B. If that doesn't work I will wipe the system and install and
> > > provision 4.22.1 from scratch.
> > >
> > > C. If that doesn't work I will stage an actual Windows DC and see
> > > if the problem exists on that platform.
> > >
> > > If B does not work but C does, I'll file a bug report for Samba.
> > > Then I'll have to decide whether I want to live with the
> > > password/redirected-folders issues on Samba or go with Windows. My
> > > inclination is to stick with Samba anyway as its better security
> > > and normally easier management is why I went with Samba over
> > > Windows 11 years ago.
> > >
> > > Results thus far:
> > >
> > > Plan A
> > >
> > > Slackware Samaba uses MIT Kerberos, but my installation of that
> > > was too old for Samba 4.22.1 so I switched to Heimdal (I think).
> > > After researching what went where my configure options were:
> > >
> > > ./configure --prefix /var/lib/samba/ --sbindir=/usr/sbin/ \
> > > --sysconfdir=/etc/samba/ --without-systemd --bindir=/usr/bin
> > > --disable-cups
> >
> > I did say that building Samba for a distro was a bit more involved
> > than what you were proposing and that, in my opinion, still wasn't
> > enough. A quick internet search led me here:
> >
> > https://slackware.uk/slackware/slackware64-15.0/source/n/samba/samba.SlackBuild
>
> That looks like a build script for a slackpkg. If plan B fails I'll
> revisit Plan A and possibly try this.
It is, I no longer build Samba myself and I have never built it on
Slackware, so I think you need to ask Slackware just how they build
their Samba package(s), but it may just be that you need to remove '
--with-system-mitkrb5 --with-experimental-mit-ad-dc' from the
'PAM_OPTIONS' line in the script I pointed to (though what using MIT
kerberos has to do with PAM, beats me).
Rowland
More information about the samba
mailing list