Web lists-archives.com

[Samba] Users cannot change their passwords

Currently running multiple active directory domain controllers on OpenSUSE Leap 15 with Samba 4.7.8

I'm running into an issue where users cannot change their own passwords. On a domain joined Windows laptop logged in as Administrator, trying to change the password results in an error: The user name or password is incorrect, Try again.
At the same time in the systemd journal for samba-ad-dc, the following error is displayed: 
Sep 24 20:04:47 samba[24287]: [2018/09/24 20:04:47.142474,  0] ../source4/kdc/kpasswd-service.c:244(kpasswd_process)
Sep 24 20:04:47 samba[24287]:   kpasswd_process: gensec_unwrap failed - NT_STATUS_ACCESS_DENIED

My smb.conf is fairly ordinary.
# Global parameters
       dns forwarder =
       interfaces = tun0 lo
       netbios name =***********
       realm = *****.LOCAL
       server role = active directory domain controller
       workgroup = BWLCS
       idmap_ldb:use rfc2307 = yes

       path = /var/lib/samba/sysvol/*****.local/scripts
       read only = No

       path = /var/lib/samba/sysvol
       read only = No

Torin Woltjer
Grand Dial Communications - A ZK Tech Inc. Company
616.776.1066 ext. 2006

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba