Joshua Kramer
2023-Dec-16 19:29 UTC
[Samba] Samba 4.19.2: "Unwilling to perform" password change
Hello All,
I have a custom built version of Samba 4.19.2 running on Rocky Linux 9.
When I attempt to change a password via LDAP, I get an error, "Unwilling to
Perform". In Google searches I found that this is due to password
complexity requirements. However, in my case, I get the error no matter
how complex the password. Also, I have the following line in my smb.conf
file:
ldap server require strong auth = no
The actual error I'm getting in the log:
[2023/12/16 14:21:01.537051, 5]
../../lib/audit_logging/audit_logging.c:97(audit_log_human_text)
DSDB Change [Add] at [Sat, 16 Dec 2023 14:21:01.536966 EST] status
[Unwilling to perform] remote host [ipv4:192.168.4.60:59926] SID
[S-1-5-21-2696128225-1306404786-1287425722-500] DN
[cn=test_user_1,dc=noosphere,dc=as] attributes [cn [test_user_1]
displayName [test_user_1] objectClass [user] [securityPrincipal] pwdLastSet
[-1] sAMAccountName [test_user_1] unicodePwd [REDACTED SECRET ATTRIBUTE]
userAccountControl [512] userPrincipalName [test_user_1]]
[2023/12/16 14:21:01.537106, 5]
../../lib/audit_logging/audit_logging.c:97(audit_log_human_text)
Password Change [Reset] at [Sat, 16 Dec 2023 14:21:01.537093 EST] status
[Unwilling to perform] remote host [ipv4:192.168.4.60:59926] SID
[S-1-5-21-2696128225-1306404786-1287425722-500] DN
[cn=test_user_1,dc=noosphere,dc=as]
{"timestamp": "2023-12-16T14:21:01.537196-0500",
"type": "dsdbChange",
"dsdbChange": {"version": {"major": 1,
"minor": 0}, "statusCode": 53,
"status": "Unwilling to perform", "operation":
"Add", "remoteAddress":
"ipv4:192.168.4.60:59926", "performedAsSystem": false,
"userSid":
"S-1-5-21-2696128225-1306404786-1287425722-500", "dn":
"cn=test_user_1,dc=noosphere,dc=as", "transactionId":
"a8713402-da47-47b6-908c-89cccf67ec78", "sessionId":
"2b12f218-4286-4015-90ad-ac20e15abd41", "attributes":
{"cn": {"actions":
[{"action": "add", "values": [{"value":
"test_user_1"}]}]}, "displayName":
{"actions": [{"action": "add", "values":
[{"value": "test_user_1"}]}]},
"objectClass": {"actions": [{"action":
"add", "values": [{"value": "user"},
{"value": "securityPrincipal"}]}]}, "pwdLastSet":
{"actions": [{"action":
"add", "values": [{"value": "-1"}]}]},
"sAMAccountName": {"actions":
[{"action": "add", "values": [{"value":
"test_user_1"}]}]}, "unicodePwd":
{"actions": [{"action": "add",
"redacted": true}]}, "userAccountControl":
{"actions": [{"action": "add", "values":
[{"value": "512"}]}]},
"userPrincipalName": {"actions": [{"action":
"add", "values": [{"value":
"test_user_1"}]}]}}}}
{"timestamp": "2023-12-16T14:21:01.537315-0500",
"type":
"passwordChange", "passwordChange": {"version":
{"major": 1, "minor": 1},
"eventId": 4724, "statusCode": 53, "status":
"Unwilling to perform",
"remoteAddress": "ipv4:192.168.4.60:59926",
"userSid":
"S-1-5-21-2696128225-1306404786-1287425722-500", "dn":
"cn=test_user_1,dc=noosphere,dc=as", "action":
"Reset", "transactionId":
"a8713402-da47-47b6-908c-89cccf67ec78", "sessionId":
"2b12f218-4286-4015-90ad-ac20e15abd41"}}
[2023/12/16 14:21:01.537387, 5]
../../lib/audit_logging/audit_logging.c:97(audit_log_human_text)
DSDB Transaction [rollback] at [Sat, 16 Dec 2023 14:21:01.537376 EST]
duration [124049]
{"timestamp": "2023-12-16T14:21:01.537404-0500",
"type":
"dsdbTransaction", "dsdbTransaction": {"version":
{"major": 1, "minor": 0},
"action": "rollback", "transactionId":
"a8713402-da47-47b6-908c-89cccf67ec78", "duration": 124049}}
What could be causing this?
Thanks!
-JK
Rowland Penny
2023-Dec-16 20:28 UTC
[Samba] Samba 4.19.2: "Unwilling to perform" password change
On Sat, 16 Dec 2023 14:29:06 -0500 Joshua Kramer via samba <samba at lists.samba.org> wrote:
> Hello All,
>
> I have a custom built version of Samba 4.19.2 running on Rocky Linux
> 9. When I attempt to change a password via LDAP, I get an error,
> "Unwilling to Perform". In Google searches I found that this is due
> to password complexity requirements.

The password complexity isn't the problem, the problem is that you cannot change the unicode password over ldap, you have to use ssl (ldaps).

Rowland
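
An added example, not part of the thread and not Samba code: a Python sketch that extracts the JSON audit records from a log like the one posted above, correlates them by transactionId, and reports unicodePwd writes that were rejected with status 53 and rolled back. The sample log is a trimmed, constructed copy of the posted records, and the function names are hypothetical.

```python
import json

# Constructed sample: a trimmed copy of the audit records quoted in the post.
SAMPLE_LOG = """[2023/12/16 14:21:01.537051, 5] ../../lib/audit_logging/audit_logging.c:97(audit_log_human_text)
{"timestamp": "2023-12-16T14:21:01.537196-0500", "type": "dsdbChange",
 "dsdbChange": {"statusCode": 53, "status": "Unwilling to perform",
 "operation": "Add", "dn": "cn=test_user_1,dc=noosphere,dc=as",
 "transactionId": "a8713402-da47-47b6-908c-89cccf67ec78",
 "attributes": {"unicodePwd": {"actions": [{"action": "add", "redacted": true}]}}}}
{"timestamp": "2023-12-16T14:21:01.537315-0500", "type": "passwordChange",
 "passwordChange": {"eventId": 4724, "statusCode": 53, "action": "Reset",
 "dn": "cn=test_user_1,dc=noosphere,dc=as",
 "transactionId": "a8713402-da47-47b6-908c-89cccf67ec78"}}
{"timestamp": "2023-12-16T14:21:01.537404-0500", "type": "dsdbTransaction",
 "dsdbTransaction": {"action": "rollback", "transactionId": "a8713402-da47-47b6-908c-89cccf67ec78"}}
"""

def iter_json_records(text):
    """Yield audit JSON objects from mixed log text, even if wrapped over lines."""
    decoder, pos = json.JSONDecoder(), text.find("{")
    while pos != -1:
        try:
            obj, end = decoder.raw_decode(text, pos)
        except json.JSONDecodeError:
            end = pos + 1  # this brace does not start a JSON object; move on
        else:
            if isinstance(obj, dict) and "type" in obj:
                yield obj
        pos = text.find("{", end)

def rejected_password_writes(text):
    """Correlate records by transactionId; return rolled-back unicodePwd writes."""
    txns = {}
    for rec in iter_json_records(text):
        body = rec.get(rec["type"], {})
        txn = txns.setdefault(body.get("transactionId"), {"pwd": False, "rollback": False})
        if rec["type"] == "dsdbChange":
            txn["pwd"] |= "unicodePwd" in body.get("attributes", {})
            txn.update(dn=body.get("dn"), status_code=body.get("statusCode"))
        elif rec["type"] == "passwordChange":
            txn.update(action=body.get("action"), event_id=body.get("eventId"))
        elif rec["type"] == "dsdbTransaction":
            txn["rollback"] = body.get("action") == "rollback"
    # 53 is the LDAP result code unwillingToPerform seen in the post's log.
    return [dict(t, transaction_id=tid) for tid, t in txns.items()
            if t["pwd"] and t["rollback"] and t.get("status_code") == 53]

if __name__ == "__main__":
    print(rejected_password_writes(SAMPLE_LOG))
```

A hit identifies which write was refused; the audit record does not show the transport, so the follow-up is to check whether the client connected over ldaps as the reply says.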