This happens to me as well. Over several different versions of Samba.
It's a minor nuisance on my end. Basically the following
* User is prompted to change password
* User types old password along with new password twice.
* User is prompted with the error message 'unable to change password.
doesn't meet the complexity blah blah blah'.
* It will then prompt for old password along with new password.
The password change actually succeeds. That's why the user receives a
message about the old password not being correct. I have the user
restart their workstation and have them log in with the password they
just created. Sometimes they will need to choose other user and type
their username and password and not use the last logged on user prompt.
On 1/27/2015 12:42 PM, Marc Muehlfeld wrote:> Hello Micha?,
>
> Am 27.01.2015 um 07:08 schrieb Micha? P??rolniczak:
>> When changing password via Windows Logon it doesn't say it change
it, it
>> say that new password that I entered is not valid with password politic
>> settings, and wasn't change.
> Does it met the requirements?
> https://technet.microsoft.com/en-us/library/cc786468%28v=ws.10%29.aspx
>
> See 'samba-tool domain passwordsettings --help' if you wanna change
> domain wide password settings.
>
>
>
>> But if you try to change the old password once more (even with the same
>> password you enter right before) it say that the user name or password
>> is invalid.
>> And you can not log anymore using old or new password.
> That's strange. Never heard that. Let me try to reprocuce this.
> - Which Windows OS do you try to do the PW change on?
> - Give an example password that isn't accepted and after that
> you get into this situation.
>
>
> Regards,
> Marc
--
-James
Hello James, Am 27.01.2015 um 19:23 schrieb James:> This happens to me as well. Over several different versions of Samba. > It's a minor nuisance on my end. Basically the following > > * User is prompted to change password > * User types old password along with new password twice. > * User is prompted with the error message 'unable to change password. > doesn't meet the complexity blah blah blah'. > * It will then prompt for old password along with new password. > > The password change actually succeeds. That's why the user receives a > message about the old password not being correct. I have the user > restart their workstation and have them log in with the password they > just created. Sometimes they will need to choose other user and type > their username and password and not use the last logged on user prompt.I can't reproduce this here in my test environment on 4.2.0rc4 from a Win7 64-Bit Pro workstation: I used the following settings: # samba-tool domain passwordsettings show Password informations for domain 'DC=samdom,DC=example,DC=com' Password complexity: on Store plaintext passwords: off Password history length: 24 Minimum password length: 8 Minimum password age (days): 1 Maximum password age (days): 42 Account lockout duration (mins): 30 Account lockout threshold (attempts): 0 Reset account lockout after (mins): 30 For one user I marked "User must change password on next logon" in ADUC and for a second one, I set pwdLastSet to May last year. Both users had a initial password that met the complexity settings (aa-bb123). Then I logged on with both. Windows told me, that the password has to be changed. I tried to set it to 'password' which fails, because of the complexity rule. Then I entered the old password (aa-bb123) and twice a new one (yy-zz123) and the password change was done. On a second logon try the new password worked. I also tried just to set it to 'password' (what fails because of missing complexity) and then went back to the login screen. But the password for the next login was still 'aa-bb123' - so it wasn't set. If this weren't the steps you did, please give me a step by step example. Regards, Marc
Marc,
I'm using Samba 4.1.15 compiled from tar on Ubuntu 12.04 server. Win 7
64-bit Pro Workstation.
samba-tool domain passwordsettings show
Password informations for domain 'DC=domain,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 90
I attempted 3 times to update password. I used two different users. Two
out of the 3 attempts "failed". I went into ADUC and checked off
'User
must change password at next logon'.
* Entered current password
* Prompt with "The user's password must be changed before logging on
the first time."
* Entered 'password' as new password
* Failed as expected. 'Doesn't meet complexity requirements'
prompt
* Prompted to change password again and chose one that meet complexity
rules.
* Create new password. Received 'Your password has been changed'
prompt. Click OK
* Receive 'Your password has expired and must be changed' prompt.
Click OK.
* I then receive a strange screen. It displays Other User as username
along with 3 white boxes with what looks like fields for old
password and new password twice prompt.
I took a pic if needed. Not sure if I can post pics here.
On 1/27/2015 2:01 PM, Marc Muehlfeld wrote:> Hello James,
>
> Am 27.01.2015 um 19:23 schrieb James:
>> This happens to me as well. Over several different versions of Samba.
>> It's a minor nuisance on my end. Basically the following
>>
>> * User is prompted to change password
>> * User types old password along with new password twice.
>> * User is prompted with the error message 'unable to change
password.
>> doesn't meet the complexity blah blah blah'.
>> * It will then prompt for old password along with new password.
>>
>> The password change actually succeeds. That's why the user receives
a
>> message about the old password not being correct. I have the user
>> restart their workstation and have them log in with the password they
>> just created. Sometimes they will need to choose other user and type
>> their username and password and not use the last logged on user prompt.
>
> I can't reproduce this here in my test environment on 4.2.0rc4 from a
> Win7 64-Bit Pro workstation:
>
> I used the following settings:
> # samba-tool domain passwordsettings show
> Password informations for domain 'DC=samdom,DC=example,DC=com'
>
>
>
>
>
>
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 8
> Minimum password age (days): 1
> Maximum password age (days): 42
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
>
> For one user I marked "User must change password on next logon"
in ADUC
> and for a second one, I set pwdLastSet to May last year. Both users had
> a initial password that met the complexity settings (aa-bb123).
>
> Then I logged on with both. Windows told me, that the password has to be
> changed. I tried to set it to 'password' which fails, because of
the
> complexity rule. Then I entered the old password (aa-bb123) and twice a
> new one (yy-zz123) and the password change was done. On a second logon
> try the new password worked.
>
>
> I also tried just to set it to 'password' (what fails because of
missing
> complexity) and then went back to the login screen. But the password for
> the next login was still 'aa-bb123' - so it wasn't set.
>
>
>
> If this weren't the steps you did, please give me a step by step
example.
>
>
> Regards,
> Marc
--
-James