Re: [Samba] Changing expired Samba AD password during Windows login
- Date: Wed, 31 Jan 2018 20:24:38 +0100
- From: Micha Ballmann via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Changing expired Samba AD password during Windows login
Waiting Ubuntu 18.04. No extra compiling for MIT Kerberos need.
There are all dependencies you need:
# apt-get install acl attr autoconf bind9utils bison build-essential debhelper dnsutils docbook-xml docbook-xsl flex gdb libjansson-dev krb5-user libacl1-dev libaio-dev libarchive-dev libattr1-dev libblkid-dev libbsd-dev libcap-dev libcups2-dev libgnutls28-dev libgpgme-dev libjson-perl libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl libpopt-dev libreadline-dev nettle-dev perl perl-modules-5.26 pkg-config python-all-dev python-crypto python-dbg python-dev python-dnspython python3-dnspython python-gpg python3-gpg python-markdown python3-markdown python3-dev xsltproc zlib1g-dev libkrb5-dev krb5-kdc
Am 31. Januar 2018 18:23:56 MEZ schrieb Ken McDonald via samba <samba@xxxxxxxxxxxxxxx>:
>I went back and re-installed on a clean VM of Ubuntu Server 16.04.3 and
>built Samba 4.7.4 with default configuration and it works just fine to
>change expired passwords at login. I should have tested this default
>configuration a while back.
>I was trying to use MIT Kerberos instead of Hemidal and had followed
>the directions on this link:
>In order to make all the builds work for MIT Kerberos and Samba 4.7.4
>Ubuntu Server 16.04.3, I had to install a lot of other related
>dependencies and customize install paths, etc. There must be something
>incorrect with my config that is causing the expired password problem.
>As I understand it, using MIT Kerberos instead of Heimdal is the
>preferred way of implementing a Samba AD to ensure the widest level of
>compatibility with the overall Windows Server ecosphere? Yes?
>On 01/29/2018 01:52 PM, Kacper Wirski via samba wrote:
>> I can only share my experience:
>> domain with only samba DC's (started from samba 4.4 updated to 4.7 in
>> the meantime), windows clients (vista, 7, 8.1 and 10) no problem
>> whatsoever, passwords are changed every X days, and users have no
>> problem with the procedure (prompt "your password has expired" ->
>> enters new password -> "you password was changed" -> OK) and that's
>> Only samba-tool was used to enforce password policy, I didn't need to
>> set anything in GPO in order to make it work.
>> Only thing that is coming to my mind is maybe an issue with kerberos?
>> I know for a fact, that windows since august 2016 requires kerberos
>> change expired password. Other than this I'm sorry.
>> W dniu 29.01.2018 o 13:49, Ken McDonald via samba pisze:
>>> Ok, so I tried all the suggestions without success.
>>> Unless I hear back from someone saying it is NOT possible for a user
>>> to change an expired password during login from a Domain account on
>>> Samba 4.7.4 AD domain (only 1 DC, and I also tried latest dev
>>> release), then I will proceed with more in-depth troubleshooting,
>>> file debugging, and mock-up VM's in order to determine what is
>>> Effectively for me, Samba AD is unusable unless users can change an
>>> expired password during login like they can when running on a pure
>>> Windows Server AD domain.
>>> Thanks for everyone (anyone?) and their assistance!
>To unsubscribe from this list go to the following URL and read the
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
To unsubscribe from this list go to the following URL and read the