Re: [Samba] How to change Domain password as normal user?
- Date: Sat, 31 Mar 2018 17:04:22 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] How to change Domain password as normal user?
On Sat, 31 Mar 2018 11:42:07 -0400
Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On Sat, 31 Mar 2018 12:25:14 +0100 Rowland Penny <rpenny@xxxxxxxxx>
> > This will then prompt the user for their 'oldpassword' and then the
> > new password (twice). There is a gotcha though, as given it will
> > only work on a DC, to do the password change from a Unix domain
> > member, you need to add '--ipaddress=DCIPADDRESS'
> I'll try that after I've figured out what the user's expiration
> status is. With respect to this command, would the full syntax be:
> samba-tool user password -U <myuser> --ipaddress=192.168.0.2
> I've tried that with no syntax error, but haven't pulled the trigger
> yet to change the password. I've also tried --ipaddress=dchostname
> which also did not give a syntax error.
Never tried it with the hostname, but I think the option name gives a
big hint ;-)
> > Are you reading 'msDS-UserPasswordExpiryTimeComputed' with the
> > ldbsearch below ? If so, is the result actually '89' are you using
> > some calculation to get '89' ? I ask this because I would expect the
> > attribute to contain something like '9223372036854775807'
> Yes, the same ldbsearch. In fact, that and the calculation were
> given to me by you a couple of years ago. The rest of the
> calculation is:
> > If you are trying to find out if the users password has expired or
> > is near to, you can use rpcclient for this.
> I did the following:
> # rpcclient -U "" -N 192.168.0.2
> rpcclient $> enumdomusers
> user:[mark] rid:[0x457]
> rpcclient $> queryuser 0x457
> User Name : mark
> Full Name : Mark Foley
> (empty lines removed)
> Logon Time : Thu, 29 Mar 2018 17:12:54 EDT
> Logoff Time : Wed, 31 Dec 1969 19:00:00 EST
> Kickoff Time : Wed, 31 Dec 1969 19:00:00 EST
> Password last set Time : Wed, 28 Mar 2018 23:59:08 EDT
> Password can change Time : Wed, 28 Mar 2018 23:59:08 EDT
> Password must change Time: Wed, 27 Jun 2018 00:00:11 EDT
> Not sure I see where the expiration is except that Kickoff Time is
> set to Dec 31st, 1969 which is likely a zero in that field. Is that
> the problem?
When the users password expires it must be changed (hint, hint) ;-)
Or an even bigger hint, the user needs to change their password before
the 27th of June
> Why would passwd and kpasswd not reset that?
I have no real idea, but it might have something to do with neither of
having anything to do with AD.
To unsubscribe from this list go to the following URL and read the