Web lists-archives.com

Re: [Samba] How to change Domain password as normal user?




On Thu, 05 Apr 2018 11:31:18 -0400
Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:

> OK, I'm having issues with the problem.  To summarize, I'm trying to
> have a normal user change his password from a domain member.  I've
> tried: passwd, kpasswd and 'samba-tool user password -U $USER
> --ipaddress=<IPofAD/DC>'.  All mechanisms do change the domain
> password and I can log into Windows and Linux domain members, and
> website requiring domain authentication. 
> 
> HOWEVER, after 1 to 3 days the account become locked out.  About 2
> days ago I did the samba-tool method and reported in this thread that
> it worked.  Today I tried to log into my Windows workstation and was
> locked out.  The Samba log message was:
> 
> [2018/04/05 05:11:38.549997, 2] authentication for user [HPRS/myuser]
> FAILED with error NT_STATUS_ACCOUNT_LOCKED_OUT
> 
> ntlm_auth gives:
> 
> Unable to Authenticate: NT_STATUS_ACCOUNT_LOCKED_OUT: Account locked
> out (0xc0000234)
> 
> This all despite the rcpclient saying the expiration is in July.
> 

The problem here is that you are mixing up an expired password and an
account that is locked out.
An account can get logged out for various reasons, but the main one is
something trying to auth with an old or wrong password. Do you have
anything that tries to authenticate to AD with the username and
password, if so, check it is using the right password, mobile phones
are a favourite place to start.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba