Web lists-archives.com

[Samba] Difficulties retrieving randomly assigned password for newly created Samba user acounts




Hi everyone, I am using Samba 4.5.16-Debian on Raspbian and thanks to the help offered by everyone here I now finally have a mostly-working Active Directory network. I am now at the stage of creating inidividual user accounts for my domain and unfortunately I have a very basic but fundamental problem! I currently enter the following input at the command-line to create a new user on my DC:

pi@ad1:~ $ sudo samba-tool user create "$USERNAME" --given-name="$GIVENNAME" --surname="$SURNAME" --mail-address="$EMAIL" --company="$COMPANY" --random-password --must-change-at-next-login --nis-domain="$WIN_DOMAIN" --unix-home="$UNIXHOMEFOLDERPATH" --home-drive="H" --home-directory="$WINDOWSHOMEFOLDERPATH" --login-shell="/usr/bin/git-shell" --uid-number="$UIDNUMBER" --gid-number=10000 -U "administrator%$SAMBA_ADMIN_PASSWORD"
User 'stephenellwood' created successfully

After entering this, you see I get a confirmation prompt indicating my user was created. When I hop onto my domain fileserver, I can see the new user, and this gives me additional confidence this has actually been created:

pi@fs1:~ $ wbinfo -u
stephenellwood
administrator
krbtgt
guest

In the switches passed to samba-tool previously you will see that I have requested a both a *random password* and that *this must be changed at the next login*. Crucially though, how do I find out what stephenellwood's randomly assigned password actually is so I can login to this account for the first time?  Without this I am stuck - I have a new user account with an unknown randomised password and thus cannot login.

Ultimately since I couldn't retrieve the random password for stephenellwood I then attempted to reset stephenellwood's password manually myself to a known string value using samba-tool. Unfortunately this also didn't seem to work:

sudo samba-tool user password --newpassword="$NEWPASSWORD" -U "Administrator"
Password for [OSSL\Administrator]:
ERROR: Failed to change password : (-1073741716, "samr_ChangePasswordUser3 for 'OSSL\\Administrator' failed: NT_STATUS_PASSWORD_RESTRICTION")

I would really appreciate any help and advice anybody can offer regarding this matter as I am now stuck at this point :)

Thanks
Stephen Ellwood


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba