Web lists-archives.com

Re: [Samba] Changing expired Samba AD password during Windows login

Thanks for the help, however I don't think your suggestion applies in my case. On a fresh install of Samba 4.7.4 AD you cannot change a user password on a logged in PC through cntl-alt-del -> ChangePassword because the default MinAge is 1 days. I had to use the "samba-tool domain passwordsettings set --min-pwd-age=0" command to make the logged-on style of password change work.

All that remains is getting the PasswordChange "during login" to work.

Maybe I don't understand your suggestion. What GPO should I adjust so that a domain user can change their own expired password when they log into a domain-connected Windows desktop OS?

On 01/19/2018 04:31 AM, Marco Gaiarin via samba wrote:
Mandi! Ken McDonald via samba
   In chel di` si favelave...

I'm running a Samba AD 4.7.4 and cannot set a new password for a user with
an expired password during login from a Windows PC. Changing a password from
inside a login with cntl-alt-del "change password" works ok.
samba-tool domain passwordsettings show
Have you set the GPOs?

'samba-tool domain passwordsettings' works, as a ''global policy'', for
samba domain controller only.
For clients (and windows domain members, in general) you have to set
the same policy in GPO.

Last announcment of 4.8 beta seems this have been 'fixed', eg also
samba domain controllers now obey to GPOs policy.

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba