Marc,
I'm using Samba 4.1.15 compiled from tar on Ubuntu 12.04 server. Win 7
64-bit Pro Workstation.
samba-tool domain passwordsettings show
Password informations for domain 'DC=domain,DC=local'
Password complexity: on
Store plaintext passwords: off
Password history length: 24
Minimum password length: 7
Minimum password age (days): 1
Maximum password age (days): 90
I attempted 3 times to update password. I used two different users. Two
out of the 3 attempts "failed". I went into ADUC and checked off
'User
must change password at next logon'.
* Entered current password
* Prompt with "The user's password must be changed before logging on
the first time."
* Entered 'password' as new password
* Failed as expected. 'Doesn't meet complexity requirements'
prompt
* Prompted to change password again and chose one that meet complexity
rules.
* Create new password. Received 'Your password has been changed'
prompt. Click OK
* Receive 'Your password has expired and must be changed' prompt.
Click OK.
* I then receive a strange screen. It displays Other User as username
along with 3 white boxes with what looks like fields for old
password and new password twice prompt.
I took a pic if needed. Not sure if I can post pics here.
On 1/27/2015 2:01 PM, Marc Muehlfeld wrote:> Hello James,
>
> Am 27.01.2015 um 19:23 schrieb James:
>> This happens to me as well. Over several different versions of Samba.
>> It's a minor nuisance on my end. Basically the following
>>
>> * User is prompted to change password
>> * User types old password along with new password twice.
>> * User is prompted with the error message 'unable to change
password.
>> doesn't meet the complexity blah blah blah'.
>> * It will then prompt for old password along with new password.
>>
>> The password change actually succeeds. That's why the user receives
a
>> message about the old password not being correct. I have the user
>> restart their workstation and have them log in with the password they
>> just created. Sometimes they will need to choose other user and type
>> their username and password and not use the last logged on user prompt.
>
> I can't reproduce this here in my test environment on 4.2.0rc4 from a
> Win7 64-Bit Pro workstation:
>
> I used the following settings:
> # samba-tool domain passwordsettings show
> Password informations for domain 'DC=samdom,DC=example,DC=com'
>
>
>
>
>
>
>
> Password complexity: on
> Store plaintext passwords: off
> Password history length: 24
> Minimum password length: 8
> Minimum password age (days): 1
> Maximum password age (days): 42
> Account lockout duration (mins): 30
> Account lockout threshold (attempts): 0
> Reset account lockout after (mins): 30
>
> For one user I marked "User must change password on next logon"
in ADUC
> and for a second one, I set pwdLastSet to May last year. Both users had
> a initial password that met the complexity settings (aa-bb123).
>
> Then I logged on with both. Windows told me, that the password has to be
> changed. I tried to set it to 'password' which fails, because of
the
> complexity rule. Then I entered the old password (aa-bb123) and twice a
> new one (yy-zz123) and the password change was done. On a second logon
> try the new password worked.
>
>
> I also tried just to set it to 'password' (what fails because of
missing
> complexity) and then went back to the login screen. But the password for
> the next login was still 'aa-bb123' - so it wasn't set.
>
>
>
> If this weren't the steps you did, please give me a step by step
example.
>
>
> Regards,
> Marc
--
-James