Julien TEHERY
2019-May-14 07:30 UTC
[Samba] Samba4 changing a user's password from linux workstation
Le 14/05/2019 à 09:12, Rowland penny via samba a écrit :> On 14/05/2019 07:32, Julien TEHERY via samba wrote: >> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>> Hi >>>> >>>> I'm trying to find a way to change user passwords from ubuntu >>>> client workstation on a samba4 domain. >>>> I tried in CLI from the client workstation (ubuntu 14.04) with: >>>> >>>> - smbpasswd -U $user >>>> >>>> => In this case, password seemed to be updated, but "wbinfo -a" >>>> didn't worked with the new password, the old one was still active. >>>> >>>> - samba-tool user setpassword $user >>>> => In this case i got a "ldb_search: /invalid basedn '(null)'/" >>>> >>>> >>>> What's the proper way to change the users password from the linux >>>> clients in a samba4 domain? >>>> >>>> Thanks for your help >>>> >>> What sort of Samba domain, NT4-style or AD >>> >>> Rowland >> We use AD style >> >> > > Try 'kpasswd' > > RowlandYep I allready tried it, it ends with "kpasswd preauthentication failed getting initial ticket" I must precise we use pam_sssd against Samba4/AD to authenticate. Here is my /etc/sssd/sssd.conf: [sssd] config_file_version = 2 domains = mydomain.lan services = nss, pam default_domain_suffix = mydomain.lan [domain/mydomain.lan] id_provider = ad auth_provider = ad chpass_provider=ad access_provider = ad ldap_id_mapping = True default_shell = /bin/bash use_fully_qualified_names = False override_homedir = /users/home/%u fallback_homedir = /users/home/%u krb5_use_enterprise_principal=false krb5_validate = False krb5_store_password_if_offline = False ad_domain = mydomain.lan krb5_realm = MYDOMAIN.LAN realmd_tags = manages-system joined-with-samba
Rowland penny
2019-May-14 07:41 UTC
[Samba] Samba4 changing a user's password from linux workstation
On 14/05/2019 08:30, Julien TEHERY via samba wrote:> Le 14/05/2019 à 09:12, Rowland penny via samba a écrit : >> On 14/05/2019 07:32, Julien TEHERY via samba wrote: >>> Le 13/05/2019 à 18:44, Rowland penny via samba a écrit : >>>> On 13/05/2019 16:11, Julien TEHERY via samba wrote: >>>>> Hi >>>>> >>>>> I'm trying to find a way to change user passwords from ubuntu >>>>> client workstation on a samba4 domain. >>>>> I tried in CLI from the client workstation (ubuntu 14.04) with: >>>>> >>>>> - smbpasswd -U $user >>>>> >>>>> => In this case, password seemed to be updated, but "wbinfo -a" >>>>> didn't worked with the new password, the old one was still active. >>>>> >>>>> - samba-tool user setpassword $user >>>>> => In this case i got a "ldb_search: /invalid basedn '(null)'/" >>>>> >>>>> >>>>> What's the proper way to change the users password from the linux >>>>> clients in a samba4 domain? >>>>> >>>>> Thanks for your help >>>>> >>>> What sort of Samba domain, NT4-style or AD >>>> >>>> Rowland >>> We use AD style >>> >>> >> >> Try 'kpasswd' >> >> Rowland > > Yep I allready tried it, it ends with "kpasswd preauthentication > failed getting initial ticket" > I must precise we use pam_sssd against Samba4/AD to authenticate. > Here is my /etc/sssd/sssd.conf:Hmm, I wonder if sssd is getting in the way ? No idea, we do not produce sssd, can I suggest asking on the sssd-users mailing list. Rowland
Nico Kadel-Garcia
2019-May-14 08:19 UTC
[Samba] Samba4 changing a user's password from linux workstation
On Tue, May 14, 2019 at 3:42 AM Rowland penny via samba <samba at lists.samba.org> wrote:> > On 14/05/2019 08:30, Julien TEHERY via samba wrote:> > Yep I allready tried it, it ends with "kpasswd preauthentication > > failed getting initial ticket"What does "klist" say? And can you run "kinit" to ensure you have a valid ticket? One of my favorite failures is when the time settings between the local host, and the Samba or AD server, have drifted from each other. There are a lot of very awkward and inconsistent NTP or chronyd settings out there, exacerbated when people point NTP to only one server and that server is inaccessible to one or more hosts.> > I must precise we use pam_sssd against Samba4/AD to authenticate. > > Here is my /etc/sssd/sssd.conf: > > > Hmm, I wonder if sssd is getting in the way ? No idea, we do not produce > sssd, can I suggest asking on the sssd-users mailing list. > > RowlandI've gotten pretty unhappy with "realmd" and "sssd". They try to hide a lot of steps away from the user, but the internal interactions are a bit of a "mousetrap" game. When it works, you get the mouse. But if any of the many steps are even slightly worn, it becomes erratic or fails.
Possibly Parallel Threads
- Samba4 changing a user's password from linux workstation
- Samba4 changing a user's password from linux workstation
- Samba4 changing a user's password from linux workstation
- Samba4 changing a user's password from linux workstation
- Samba4 changing a user's password from linux workstation