Web lists-archives.com

Re: [Samba] Users cannot change their passwords




On Mon, 24 Sep 2018 20:23:06 GMT
Torin Woltjer via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Currently running multiple active directory domain controllers on
> OpenSUSE Leap 15 with Samba 4.7.8
> 
> I'm running into an issue where users cannot change their own
> passwords. On a domain joined Windows laptop logged in as
> Administrator, trying to change the password results in an error: The
> user name or password is incorrect, Try again. At the same time in
> the systemd journal for samba-ad-dc, the following error is
> displayed: Sep 24 20:04:47 samba[24287]: [2018/09/24
> 20:04:47.142474,
> 0] ../source4/kdc/kpasswd-service.c:244(kpasswd_process) Sep 24
> 20:04:47 samba[24287]:   kpasswd_process: gensec_unwrap failed -
> NT_STATUS_ACCESS_DENIED
> 
> My smb.conf is fairly ordinary.
> # Global parameters
> [global]
>        dns forwarder = 8.8.8.8
>        interfaces = tun0 lo
>        netbios name =***********
>        realm = *****.LOCAL
>        server role = active directory domain controller
>        workgroup = BWLCS
>        idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
>        path = /var/lib/samba/sysvol/*****.local/scripts
>        read only = No
> 
> [sysvol]
>        path = /var/lib/samba/sysvol
>        read only = No
> 
> Torin Woltjer
>  
> Grand Dial Communications - A ZK Tech Inc. Company
>  
> 616.776.1066 ext. 2006
> www.granddial.com
> 
> 

Is this with MIT as the kdc ?
If so, it seems to be a known bug.

If it is MIT and these are DC's in production, then can I suggest you
migrate to Heimdal instead of MIT, the use of MIT is experimental.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba